Baking in the basics: Hospital IT leaders outline ingredients for robust cybersecurity programs

By Katie Dvorak

The most important ingredients for any hospital's security program at first blush may seem quite simple: A mix of encryption here, a dash of employee education there, then sprinkle on security software, patching and incident response.

However, without these tools, no hospital's security will ever be fully baked. That's something the IT leaders at Oklahoma-based Integris, Minneapolis' Fairview Health Services and Susquehanna Health in Pennsylvania know full well.

"Don't get too blinded by the latest, most innovative security tools," Barry Caplin, chief information security officer at Fairview, tells FierceHealthIT in an exclusive interview. "Can you count your stuff? Can you do some basic education for employees? Do you have some basic email controls in place?"

That's not to say that the security recipe can't be tinkered with, the executives note. But healthcare also does not need to forge an entirely new path.

As far as incidents involving ransomware and the attacks last year on payers, "there was nothing new about those attacks," Mike Wood, CISO at Integris, says in an interview. "They relied on older techniques, like phishing, which has been around a long time.

"There's nothing forcing us to change the path that we're on," Wood continues. "It's constantly progressing down that path and getting better at our IT and security practices."

Still, as security incidents continue to make national news, high-profile cases "in the long run" prepare healthcare security executives to protect their data even better, making them more aware, more sensitive and more conservative, according to Susquehanna CIO Tim Schoener.

In this FierceHealthIT special report, Caplin, Wood and Schoener discuss their organizations' security culture, their greatest security challenges, how they are keeping employees educated and more.

Baking in the basics: Hospital IT leaders outline ingredients for robust cybersecurity programs