The uptick of ransomware and other cyberattacks in the healthcare sector has prompted RWJBarnabas Health, an integrated healthcare system in New Jersey, to make a number of important moves to help prevent, detect and respond to breaches, says CISO Hussein Syed.
The changing threat landscape has "prompted us to do a number of focused risk assessments in areas where we can identify gaps [for] potential breaches of data or compromises of systems. And we are taking steps to implement new tools, processes, procedures, policies ... and training to educate users, and augment that with technical controls so that nobody can break into or infect the systems," he says in an interview with Information Security Media Group.
RWJ Barnabas was an early participant in a new service being unveiled at HIMSS 2017 Conference by VMWare and Intel Health and Life Sciences. The two companies' Healthcare Security Readiness Program offers healthcare organizations free assessments of how their security readiness programs compare with healthcare industry benchmarks. That new assessment service has helped RWJ Barnabas in scoping out its multiyear plan to improve its security controls, Syed says.
Those efforts to bolster security to prevent breaches at RWJBarnabas include implementing microsegmentation of networks and installing new DDoS and web application firewalls, he says.
In the interview (see audio link below photo), Syed also discusses:
- Other steps his organization is taking to enhance information security and defenses against breaches;
- Steps all healthcare entities need to consider taking to advance ID and access management;
- Today's top cybersecurity threats and challenges.
Syed, who will be presenting at HIMSS17 on the topic of "Securing the Next-Generation Healthcare Enterprise," is CISO of RWJBarnabas Health, which was formed as a result of the March 2016 merger of Barnabas Health and Robert Wood Johnson Health System. The New Jersey organization includes 11 acute care hospitals, three children's hospitals and a medical group. Syed and his team are responsible for security management planning and execution to align with the strategic goals of the health system. The CISO has more than 25 years of experience in IT, of which 15 years are in information security.