Event Summary 11.16.2022

Cybersecurity: How Are You Safeguarding Patient Data?

2022 HIMSS MN Chapter and Minnesota e-Health Initiative Virtual Series - Week 3

Cybersecurity - How are you safeguarding patient data

On November 9th, Rick Herbas, Dawn Mandile, and Fatima Zehra attended the 2022 HIMSS MN Chapter and Minnesota e-Health Initiative Virtual Series week 3 session on Cybersecurity: How Are You Safeguarding Patient Data? The event included a presentation which highlighted the importance of cybersecurity to keep patient data safe including analyzing, assessing, and mitigating risks.

Keynote Speaker:

  • Jim Brady – PhD, CISSP, CISM, CRISC, CHCIO, CDH-E, PMP, FHIMSS, Vice President & CISO, Cybersecurity and Risk Management, M Health Fairview

Co-Presenters and Panelists:

  • Dave Harvey – MS, Director, IT Risk and Compliance Management, M Health Fairview
  • Ashok Kallam – MCA, Director, Cybersecurity & Associate Chief Information Security Officer, M Health Fairview
  • Shawn Kammerud – Chief Information Security Officer, Minnesota IT Services, partnering with the Minnesota Department of Health
  • Jim Roeder – Vice President of Information Technology, Lakewood Health System

Key Takeaways:

  • 100% security equals zero functionality
  • Cybersecurity is not preventing all cyberattacks. It is minimizing damage as well as managing/mitigating risks of critical patient data from being disclosed
  • Cyber Finical Risk Models for mid-size healthcare provider – identify top risks, mitigation strategies/impact, and top areas to mitigate residual risk
  • Cyber Financial Models assist in reducing cyberattacks and severity costs as well as increases NIST scores
  • Implement Business Continuity Plans in collaboration with different units
  • Included cybersecurity based exercises with external groups to improve ransomware playbooks
  • Improve third-party risk management
  • Talent and skill shortage for cybersecurity – retain current cybersecurity employees by providing continuous learning and training opportunities
  • Include proactive practices such as reporting phishing emails
  • Adjust and improve cybersecurity culture by allocating funding and focusing on values that protect patients

To learn about Trexin’s Cybersecurity Practice Area, click here:

Trexin’s Cybersecurity Practice Area

Tagged in: Healthcare & Life Sciences, Technology