On October 9, Nashville-based healthcare security company Clearwater hosted its October cybersecurity briefing on the current threat landscape in healthcare. Steve Cagle, the former CEO of Clearwater and now a Board Advisor following the company’s acquisition by Sunstone Partners, a private equity firm, announced that it was his final time giving the briefing but said that monthly briefings will continue.
Cagle reported that since last month's briefing, a total of 67 new breaches were reported to the Office of Civil Rights (OCR) portal. Cagle shared some “potentially good news”: “Historically, we've seen about 35 to 40 percent of healthcare breaches involving a business associate (BA).” However, Cagle added, “over the last few months, we've actually seen this percentage trend down a bit, with only 27 percent of reported breaches involving a BA in September and August, versus 38 percent in January through July.”
“I've spoken a lot in these briefings about how we're continuing to see successful cyber-attacks occurring with large numbers of patient records at physician practice management groups, specialty care providers, and imaging groups,” Cagle noted. “Last month, the three next largest breaches took place in each one of those types of organizations.” Cagle reminded the audience that healthcare continues to suffer greater losses from cyber-attacks than other sectors.
After presenting the monthly threat report, Steve Cagle spoke with Tracey Touma, Cleveland Clinic’s first Cybersecurity Business Liaison, and asked her what motivated the creation of her role and how it differs from a traditional security leadership position. Touma explained that the role was created to bridge the gap between taking care of patients effectively and ensuring security. Communication with actual clinicians, explaining the benefits of new technology, how it will benefit them, and how it will help provide better care, and giving them a voice is essential, Touma said.
“It's very important at the Cleveland Clinic that we give a voice to all caregivers…we all come together at the table to find the best solution for the best patient outcomes,” Touma said about the creation of the Friends of Cybersecurity Program at the Cleveland Clinic. It’s a quarterly program that provides threat intelligence and project updates.
Regarding automation and artificial intelligence (AI) as solutions to clinician burnout, Touma cautioned that one should be careful. “What does the value bring, and is it really enhancing patient care?” As to security risks involved, Touma added, “There are things that we can do to make sure that we have the security in place to make sure innovation will happen at the rate it needs to, but also not being at risk for the organization or the patients.”
