CHIME LEAD DC 2014 “Key Attributes for Success, Challenges and Critical Success Factors” with Skip Hubbard, MBA, FCHIME, LCHIME, CHCIO, SVP, Business Intelligence & Performance Improvement, Bon Secours Health Systems
•
1 j'aime•541 vues
CHIME LEAD DC 2014 “Key Attributes for Success, Challenges and Critical Success Factors” with Skip Hubbard, MBA, FCHIME, LCHIME, CHCIO, SVP, Business Intelligence & Performance Improvement, Bon Secours Health Systems
Recommandé
Recommandé
Contenu connexe
Similaire à CHIME LEAD DC 2014 “Key Attributes for Success, Challenges and Critical Success Factors” with Skip Hubbard, MBA, FCHIME, LCHIME, CHCIO, SVP, Business Intelligence & Performance Improvement, Bon Secours Health Systems
Similaire à CHIME LEAD DC 2014 “Key Attributes for Success, Challenges and Critical Success Factors” with Skip Hubbard, MBA, FCHIME, LCHIME, CHCIO, SVP, Business Intelligence & Performance Improvement, Bon Secours Health Systems (20)
Plus de Health IT Conference – iHT2
Plus de Health IT Conference – iHT2 (20)
Dernier
Dernier (20)
CHIME LEAD DC 2014 “Key Attributes for Success, Challenges and Critical Success Factors” with Skip Hubbard, MBA, FCHIME, LCHIME, CHCIO, SVP, Business Intelligence & Performance Improvement, Bon Secours Health Systems
- 1. Creating an Effective Cyber Security Strategy ________ Key Attributes for Success, Challenges and Critical Success Factors Skip Hubbard, MBA, FCHIME, LCHIME, CHCIO SVP, Business Intelligence & Performance Improvement Bon Secours Health System #LEAD14 A CHIME Leadership Education and Development Forum in collaboration with iHT2
- 2. 2 A $3.4 billion not-for-profit Catholic health system, Bon Secours Health System, Inc. (BSHSI) owns, manages or joint ventures: •19 Acute Care Hospitals ‒14 Owned ‒5 Joint Ventures •15 Post-acute Centers •14 Home Care/Hospice Providers •2.3 Million Patient Care Encounters •9 Communities in 6 states •Over 23,000 caregivers •850 Physicians •60,000 System users •136,000 Clinical Portal users A CHIME Leadership Education and Development Forum in collaboration with iHT2
- 3. What is Needed •Build Relationships •Establish the Culture •Education •Risk Analysis •Build a Core Security Team •Build Infrastructure A CHIME Leadership Education and Development Forum in collaboration with iHT2
- 4. Build Relationships •Board (Governance & Relationship) •Executive Awareness & Support •Internal, Teams Across Disciplines –IA, Privacy, CRO –HR, Legal, Technology … •External Relationships –Law Enforcement –Media Firm –Cyber liability Insurer •Education A CHIME Leadership Education and Development Forum in collaboration with iHT2
- 5. Establish the Culture •Leaders are aware and talk about security •Education of everyone (staff, faculty, physicians, …) •Framework – Detailed Plan – Testing –Are you using NIST or ISO … –Issues and Investigations protocols –Incident Reporting: (PHI, PII, PCI, Hacks) •Do Audits of: –Easy-to-guess password on system audits –Vendor management – SSAE16, SOC2 Type2 Reports –Access modes & points - Cloud computing •In healthcare security involves Privacy & Cyber Security A CHIME Leadership Education and Development Forum in collaboration with iHT2
- 6. Risk Analysis •Risk Assessment: –Part of the companies ‘ERM’ ? –What is your risk tolerance, for each class of data •Level of user access to data & systems •Leakage thru employee – (error, misuse) –"Lifecycle" approach to Policy and Procedures –Technology portfolio •Spending/Budget for Security •Up-to-date ? – –System Patch Levels - Virus Protection Levels A CHIME Leadership Education and Development Forum in collaboration with iHT2
- 7. Build a Core Security Team •Determine Core Security Team –Knowledge of Regulation (Federal & State) •what states people live in, if data accessed –Turnover & Retention –Tools & Training •Incident Response Team Needs –Plans & Escalation plan –Breach reporting –How & Where to document –Where are the logs? Do you have the right logs? Great Workplace A CHIME Leadership Education and Development Forum in collaboration with iHT2
- 8. Build Infrastructure •Understand your environment –DLP, IDS, Firewalls –Segmentation –Strong passwords •Physical Security (& Education) •Encryption - ‘everything’ •Change Management (i.e iOS 8.0.1) •Disaster Recovery •Team training Basic must be in place A CHIME Leadership Education and Development Forum in collaboration with iHT2
- 9. Understanding your Environment •Users –Login patterns (service accounts during night time, login after terms) –Account Volumes –Last used and time since password change –Failed Login Attempts –Internal and External access •Usage –Understand Both Systems & Network Configurations –Identity of New Network Segments –Bandwidth usage of network –FTP (22) and Secure (443) site statistics and destinations –Website attempts; Blacklisted sites (i.e. outbound blocked sites) or do Whitelisting Metrics; There is a strong relationship between metrics and problems A CHIME Leadership Education and Development Forum in collaboration with iHT2
- 10. A CHIME Leadership Education and Development Forum in collaboration with iHT2 Be Prepared •The Board wants answers •HHS-CMS-OCR demands quick answers •Staff wants full access •Your community – Public wants assurances •You want to sleep at night
- 11. Q & A Skip Hubbard Skip_Hubbard@BSHSI.org A CHIME Leadership Education and Development Forum in collaboration with iHT2