Over 100 Total Lots Up For Auction at Two Locations - WA 11/05, PA 11/06

Q&A with Lee Kim

by Lauren Dubinsky, Senior Reporter | October 16, 2014
Lee Kim
Hospital security breaches have become a major issue in the U.S. In 2014 alone, 55 security breaches were publicly reported in the health care industry, according to the Privacy Rights Clearinghouse.

Lee Kim, director of privacy and security at HIMSS North America, spoke with DOTmed News about why it's a big problem today and what can be done to try to avoid security breaches in the future.

DOTmed: Why should hospitals care about cybersecurity?

LK:Cybersecurity is not just a concern for IT staff. It is a concern for anyone who handles health care data. Cybersecurity is everyone's shared responsibility.

If you want to keep your information private, keep it secure. If your information is in electronic form, then you need to protect it through electronic means. Care of the patient should include care of their data. Data drives decisions relevant to patient care.

DOTmed: Why have hospital security breaches become such a major problem today?

LK:Risks to the security of information have grown. There are much more data, devices, and applications to contend with. Data can be lost, stolen, or leaked and there are many more opportunities and means for such incidents to occur in 2014, compared to one year, five years, ten years, and twenty years ago.

DOTmed: Is there any way that the breaches could have been avoided, as well as any potential future breaches?

LK:In order for breaches to be avoided, your cybersecurity defense needs to be 100 percent effective all of the time. Breaches can sometimes be avoided through appropriate planning and execution of resources to prevent the breach.

But, when breaches cannot be avoided, you must proactively contain the breach. As an analogy, chemical spills do happen - there are ways in which some spills can be prevented; but if a chemical spill does occur, you have to proactively contain the spill before further harm can occur. The same thing is true for data - you need to stop the bleeding of data, once that breach does occur, by containing the breach.

Cyber attacks are a growing concern for health care organizations. With the growing sophistication of cyber attacks, our cyber defenses become more sophisticated as well. We can learn from the mistakes, fumbles, and failed attempts by cyber attackers trying to get access to our health care data.

Learn from unsuccessful security incidents, in addition to the successful ones (which may rise to the level of a breach), in order to become more resilient to cyber attacks and intrusions, and to help build actionable threat intelligence. Continually analyze and learn to stay ahead of the threat and use a holistic, community-based approach to health care information security.

DOTmed: Do you think this issue will continue to persist or do you think it will be resolved in the near future?

LK:This issue will continue to persist, but innovation in terms of know-how, processes, and technology will help us provide solutions to keep information private and secure. We need to keep fighting the good fight to protect our resources, data, and all else.

You Must Be Logged In To Post A Comment