Managing security in a healthcare environment during COVID-19 is not for the faint of heart. Steward Health Care CISO Esmond Kane discusses the impacts and opportunities of managing cybersecurity in a pandemic.
On today’s episode of In Scope, host Mike Murray is joined by Esmond Kane, Chief Information Security Officer at Steward Health Care. Their conversation begins with Mike asking Esmond about his experience working in an early COVID hotspot. Esmond explains he had just recently joined the organization when COVID first hit. They quickly became the nation’s first dedicated COVID treatment facility. They dealt with the immediate issue, and he hopes some of the preparation work they did will help communities that are now hotspots. The pandemic, Esmond explains, tested the organization’s resilience.
Esmond explains that many transformations have happened in healthcare over the course of the pandemic. Things like waiting rooms, elective procedures and visitors were now potential sources of infection and had to be stopped and reimagined. Digitally, the hospital also had to come up with new strategies, both for patients and for internal work. Telehealth, Esmond explains, had to be ramped up almost overnight. They’ve also had to rely more heavily on Teams and video conferences to increase telework and collaboration across technology. A lot of security teams are overstressed, and the pandemic only adds to that stress and fatigue. Esmond stresses that you have to think about your staff and their morale, and leaders have to remember the human element.
Next, Esmond and Mike discuss the increase in attacks on healthcare systems. Esmond explains that there has been an increase in phishing during COVID. On top of that, security professionals also had to begin thinking about working from home and securing home networks, as well as teaching employees good physical printing and shredding practices at home. The bad guys, he explains, have not taken a break. OCR relaxed some regulations on platform use for telehealth as well as giving some privacy exemptions. Esmond explains that while he thinks they did great, these exemptions will not last forever, and organizations should be thinking about how they’ll get ahead of the changes that are coming.
Throughout the pandemic, interest in telehealth and wearable medical technology has been growing. Esmond believes that they can be beneficial, but expresses his concern that when you’re not paying for something, you may be the product. When it comes to data, there is money to be made in being insecure, so healthcare professionals have to be especially careful moving into more digital spaces. There’s a lot of elementary blocking and tackling that needs to happen in healthcare, Esmond explains. Biomedical device security and wearables is a huge space where the healthcare industry needs to rigorously work on privacy.
The episode ends with an installment of Vital Signs, a segment on the updates in the healthcare security community. Medical devices are expensive, and because of the price they can’t be updated regularly or replaced at any time. There have only been security requirements for these types of devices for about six years. One of the first big hurdles to jump in the medical device community is the useful life principle, so that healthcare organizations can spend millions of dollars on machines that will not only last a long time physically, but also remain digitally secure.
0:22 – Mike introduces today’s guest, Esmond Kane.
1:40 – Mike asks Esmond about his experience as a CISO during COVID.
4:20 – Mike asks what type of digital transformations his organization has experienced over 2020.
8:56 – Esmond talks about the importance of empathy for patients and staff.
14:15 – Esmond and Mike discuss how the bad guys used the pandemic.
19:07 – Mike asks Esmond about OCR regulations on telehealth.
23:34 – Esmond and Mike discuss privacy and the future of medicine.
28:52 – Mike asks Esmond what the future of healthcare looks like.
33:43 – Vital Signs – healthcare security update.