Tag Archives: cybersecurity

Intalere Member Best Practice Spotlight – The University of Vermont Medical Center – Cybersecurity, Who’s Protecting Your Patients’ Digital Information? Technical Standards Review and the Role Supply Chain Can Play in Enforcement and Compliance

Issue

Many hospitals rely on their suppliers to protect their patients’ Protected Health Information (PHI), leaving both the hospital and their patients vulnerable to hackers, HIPAA violations and unplanned outages due to incompatible and outdated technologies.

Solution

To take the responsibility for protecting patient data out of the hands of their suppliers, The University of Vermont (UVM) Medical Center developed a multi-disciplinary group whose mission was to evaluate all newly-acquired technologies, technology changes and their potential impact on the organization to ensure that they are supportable, secure and highly reliable. The Technical Standards Review Board (TSRB) reviews more than 250 applications per year, an average of 10% of which are rejected due to cybersecurity issues, reliance on unsupported third-party applications/databases or incompatibility with The UVM Medical Center’s technical standards for which no remediation is possible. Another 20% of the applications are rejected and subsequently appealed. The supply chain department will then engage with the supplier to discuss what can be done to address the technical issues. In the vast majority of the instances where an appeal was sought, working with the supplier or revising contractual language has enabled the end user clinicians and their support personnel to be able to safely deploy the best technological solution to fit their needs.

Outcome

Since the adoption of this process, approximately 50 software applications and medical devices per year, that would not otherwise be available to the organization due to technical deficiencies, were able to be deployed to the direct benefit of The University of Vermont (UVM) Medical Center patients.

About The University of Vermont Medical Center

The University of Vermont Medical Center (UVM Medical Center), along with the Larner College of Medicine at UVM and UVM College of Nursing and Health Sciences, is one of 138 academic medical centers in the country. Through The University of Vermont Health Network and collaborative relationships throughout Vermont and northern New York, UVM Medical Center is able to provide the highest quality care, informed by academic research, to patients throughout our region.

Check out the project video and view the UVM Medical Center page in the 2018 Intalere Best Practices Compendium.

12 Things Healthcare Must Achieve Flash Video Series – Protect Yourself

by Julius Heil, President and CEO, Intalere

More than 40 percent of data breaches occur in healthcare, so like it or not, cybersecurity is a boardroom issue for healthcare entities. Today’s hacker is not necessarily a brute force person that goes in and actually attacks your system and figures out where it is most vulnerable. Today’s hackers are more prone to use social engineering. Things as simple as somebody dropping a thumb drive with nefarious purposes outside of a facility. Our good nature as human beings will be to take it inside and plug it into our computers to find out who it belongs to and get it back to them. They take advantage of that. They’ll call in and they’ll pretend to be somebody else, but they hack the user, because if they can get valid credentials at any level, they get access to everything.

In this environment, every healthcare provider must understand how prepared their organization is from cyber-attacks in terms of compromising personally identifiable information or confidential data such as electronic protected health information, and develop a security plan. Plans should include areas such as:

  • Assign security responsibility.
  • Conduct risk analysis.
  • Develop a security strategy and policies.
  • Develop a corrective action plan.
  • Train staff.

As part of their cybersecurity plan, healthcare providers should also include a plan to purchase cryptocurrency. This may seem like a stretch, as this is still a burgeoning and unknown industry, but if you are hacked, every minute you are down, puts you at further financial risk. Cryptocurrency can be purchased and held in reserve as part of a contingency or continuity strategy.

Cryptocurrency is based on the blockchain concept, which is very much currently in use in the financial industry. Its strength is that it offers security through transparency. It’s a distributed system where the information is disseminated to a wider number of systems, but to hack it, unless all 8, 10 or 50 of those systems contain the exact same information at an instance in time, the transaction doesn’t go through. So, in order to defeat it, you would have to hack all those systems simultaneously.

Check out the latest video, Protect Yourself, in our Flash Series and stay tuned in the coming weeks for more posts and videos about 12 Things Healthcare Must Achieve.

You can also download the executive briefing at Intalere.com.