COVER STORY · STATE OF THE INDUSTRY

What has your recent experience of cyber threats and attacks been?
• More challenging than a year ago: 52 percent
• Less challenging than a year ago: 8 percent
• About the same: 39 percent

Has your organization experienced a malware or ransomware attack that has led to a significant disruption of EHR and clinical systems usage?
• Yes: 20 percent
• No: 80 percent

Have you implemented significant network segmentation, including around your EHR, medical device, and other critical clinical information systems and computerized devices?
• Yes: 52 percent
• No, but plan to: 25 percent
• No plans to do so: 23 percent

How often do you perform backups on your core information systems?
• Daily: 59 percent
• Between daily and once a week: 24 percent
• Between once a week and once a month: 9 percent
• Between once a month and once a year: 7 percent
• Less often than once a year: 1 percent

Have you engaged the services of an external security operations center (SOC)?
• Yes: 31 percent
• Not yet, but plan to do so: 16 percent
• No plans to do so: 53 percent

Does your organization have a CISO (chief information security officer)?
• Yes: 41 percent
• Not yet, but we plan to hire one: 12 percent
• No plans to hire one: 47 percent

To whom does your CISO report?
• CIO: 25 percent
• CTO: 6 percent
• CFO: 5 percent
• COO: 8 percent
• CEO: 27 percent
• Other: 28 percent

When asked whether it surprised him that only 20 percent of respondents had reported a significant disruption to EHR or other critical information systems, Kravitz said, “It’s important that your survey had asked about attacks that have led to significant disruption of EHRs and other core information systems.” Most hospital-based organizations have experienced attacks, he notes, but at his organization and others, adequate cybersecurity processes have kept core information systems intact.

When it comes to network segmentation, Kravitz says, “Network segmentation is hard to do, especially if you become an integrated delivery network or system. And if you have very strong network segmentation, it’s hard to produce economies of scale. I know it’s a concern, I know it’s important. And you’ve got VLAN-ing [VLAN: virtual local area network] going on, and different segments of the network are connected differently. We do have all of our medical devices segmented, which is a challenge in terms of lots of proprietary OSes. And it can be tens of millions of dollars to do physical network segmentation. There are so many devices that may talk back and forth through the Internet. Cyber-walling those off is especially important. And it’s hard to do, because everybody gets busy and moves onto the next thing. You have to lock the devices down tight. And a majority of CHIME members have been trying to secure their networks as tightly as they can.”

“Culture may be the biggest thing holding us back; technology moves fast, but organizations move slowly. We need to be able to respond to this era of cultural change.” —Tim Zoph

Given that a corrupted system that continues to be backed up could perpetuate the corruption in its backups, what about the question of audits of backups? “That’s absolutely right about corruptly backed-up EHRs,” Kravitz says. “One important element is that you have to do recovery in order to make sure your applications can come back. You have to be able to recover your EHR to a test level. Doing the recovery is critically important, and we do the recovery testing within Geisinger quite often. We take that very seriously, and as a whole in the industry, a whole lot of knowledge has to be shared around recovery and backup processes. People think they understand it, but it’s complex.”

An evolving landscape

There is so much work that CIOs and other senior healthcare IT leaders need to do, in all of these areas, as the U.S. healthcare system moves forward into 2021 and beyond. What are the most important things for them to do right now? “I think there are a lot of shiny pennies out there right now; health IT leaders really need to be focusing on implementing tools that genuinely make it easier [for physicians] to practice,” Brown & Toland’s Robison says. “There are a lot of fun things, and nice-to-have things, but with physicians being so busy, it’s got to be about streamlining their work lives; they can’t be one-offs.”

“The social determinants of quality will pose both an opportunity and a challenge. There are a lot of factors that come into play in terms of how to better deliver care and achieve holistic outcomes—how to integrate mental health back into care as well as nutrition, transportation, etc. That’s something that the entire healthcare industry has to prioritize.” —Kelly Robison

Impact Advisors’ Zoph, who spent years as CIO at Northwestern Medicine in Chicago, says, “I feel like this is really a formative time, but also a time of real transition in health. I think this notion of where we are with virtual and digital care, we’ll see a continuing acceleration of that, and we’ll see patients interacting more virtually with their providers and health systems. I’m bullish on what that represents for health IT; we got a real push on that in terms of the pandemic, and I think that won’t go away. Analytics will continue to drive care delivery advances, and I think process automation is coming. In terms of discovery and research, we’ll see AI helping to move those forward. I’m as excited as I’ve ever been about the future of healthcare. Culture may be the biggest thing holding us back; technology moves fast, but organizations move slowly. We need to be able to respond to this era of cultural change. Those that get out in front and respond to it, instead of leaning back, will be the winners in their markets.”
