HIMSS 2017: Data Security Highlights

Posted By: Jim DeLorenzo
23 Feb
Categories: Data Security

With our Healthcare Data Threat Report announced just this week, I was not surprised to see that one of our key findings aligned with the topics being discussed at the HIMSS conference. Based on my observations on the exhibit floor as well as my conversations with healthcare IT professionals and security consultants, one key theme from the report bears out: When it comes to protecting electronic personal health information (ePHI), the focus for many healthcare IT teams is still on traditional security measures.

For example, I spoke with a handful of consultants who help healthcare networks assess and improve their risk postures. All of them agreed that the tools of choice are network and endpoint security tools – i.e. firewalls and antivirus solutions. Accordingly, network and endpoint security messaging was well represented in the exhibit hall.

When it comes to advanced data protection measures like data encryption with strong key management, consultants encourage the use of such measures to render breached data unusable. But IT teams see it as a “to-do,” not a top priority – or they have the perception that it will be too difficult or slow down workflows. In instances in which an organization does use built-in database encryption, the security team doesn’t always have a solid grasp of key management, and so they may have a false sense of security.

Two other trends that are particularly exciting to us at Thales e-Security are:

  • Cloud computing and storage: The healthcare industry is increasingly adopting the cloud, and hospital networks are realizing the significant cost savings of contracting their data-center operations. This opens up important questions having to do with whether the data is being held in compliance with HIPAA-HITECH; whether ePHI is being encrypted and, if so, where the keys reside; and whether organizations can port their data from one cloud provider to another if needed.
  • Medical device security: I was excited to see a number of educational sessions dedicated to this topic, along with a handful of vendors with IoT messaging in their booths. Groups like the Medical Device Security Information Sharing Council (MDSISC) and NH-ISAC are focusing much-needed attention on medical device security, and there is growing momentum for security to be incorporated at the point of manufacture as opposed to being an afterthought.

I look forward to seeing how the rest of 2017 plays out and how these trends will impact the 2018 HIMSS conference. I suspect that both the cloud and IoT will be widespread across the educational agenda and on the exhibit floor.
