WEDI-Con: Hospital cybersecurity about investment protection

As Director of IT Security at Children's National Medical Center, Chad Wilson believes his job is not to "implement a bunch of widgets and speak a foreign language," but rather to protect the investments of his facility.

Speaking this week at the Workgroup for Electronic Data Interchange's annual conference in Reston, Virginia, Wilson and Nathan Gibson, director of IT operations at West Virginia Medical Institute, discussed the challenges of keeping healthcare facilities secure from cybersecurity threats while balancing maintaining provider and patient convenience.

According to Wilson, the most value can be derived from security investments when different technologies play well together.

"You can have something on your computer talking to something on the network--if those two are sharing information, in the military they call that a force multiplier," he said. "If your technology is integrated and talks to each other, that's where your value is."

Visibility, Gibson said, also is crucial to cybersecurity efforts, and something that doesn't require a lot of technology.

"If you can't see [a threat], you can't fix it; if you can't stop it, you can't protect against it," he said. "Most of that is around management process and people. When it comes to people, process and technology, you should divorce the three. Technology's really important, but you have to look at your process, as well, and the people who are managing it."

Wilson echoed Gibson's sentiments, saying that visibility must be a proactive effort.

"Organizations are getting attacked," he said. "Our organization gets attacked, just like everyone else's. We have thousands of attacks a month. … We're able to stop those attacks because we can see them. It's when you can't see them, that's when you need to start worrying."

Wilson added that security measures need to be balanced with services provided to patients.

"Keep in mind that we're taking care of, in our case, kids; your kids, my kids," he said. "We want to keep their information safe so when they turn 18, they don't have $100,000 in debt they didn't know about."