More than 80 cybersecurity professionals from more than 30 health organizations throughout the area came to UNMC and Nebraska Medicine Wednesday as the campus hosted a National Health-Information Sharing and Analysis Center (NH-ISAC) regional conference on best practices in cyber-security.
The conference was opened by Michael Ash, M.D., chief transformation officer at Nebraska Medicine and assistant professor of internal medicine at UNMC.
Sharon Welna, UNMC’s chief information security officer, said the level of interest was high because of the rising number of cyber attacks against health care organizations.
“A health care record on the black market is worth a significant amount of money,” she said. “Even social security numbers and credit card numbers are not worth that amount. So health care organizations and hospitals are huge targets right now.”
Health care records can be used for identity theft or insurance fraud, she said.
The conference focused on how to protect organizations against attacks and the best security practices from a national level, as well as what actions are being taken on a national level to protect the industry.
Topics included:
Cyber threat landscape — A high-level overview of the various cyber threats facing health care and potential impacts to health care organizations.
Importance of information sharing — The role of information sharing in helping protect health care organizations from potential threats through situational awareness and mitigations strategies, featuring an overview of how organizations share with each other and government agencies, illustrated by case studies of successful sharing.
The National Institute of Standards and Technology’s (NIST) cyber security framework basic best practices in cybersecurity — A discussion of simple strategies that health care organizations can employ, such as antivirus, training and patching that will help protect against cyber threats. The session covered best practices used within industry and offered practical insights from cyber security practitioners.
Speakers included Edward Brennan of NH-ISAC and Ken Durbin of cybersecurity company Symantec.
Brennan said a grant has allowed NH-ISAC representatives to visit areas around the country to “foster better information sharing and better cyber resiliency for health care, particularly around providers and the smaller hospitals, the smaller pharmeceuticals.”
The array of recent attacks shows that the health care industry is a serious target for cyber criminals, Brennan said.
“So identity protection is extremely important, especially with PHI (personal health information) HIPAA regulations,” he said. “We’ve been lucky, and we’re running out of luck. So the quicker we get people into a resilient environment, the better off this country is going to be.”