Live from CHIME CIO Forum: Security Draws Increasing CIO Focus

April 13, 2015
The recent flurry of high-profile hacking attempts has moved security higher on the agendas of health system CIOs. Speaking at the CHIME CIO Spring Forum on April 12 in Chicago, Patricia Skarulis, CIO at Memorial Sloan Kettering Cancer Center, gave her colleagues some insights into the security challenges her organization faces.

The recent flurry of high-profile hacking attempts has moved security higher on the agendas of health system CIOs. Speaking at the CHIME CIO Spring Forum on April 12 in Chicago, Patricia Skarulis, senior vice president and chief information officer at Memorial Sloan Kettering Cancer Center (MSK) in New York, gave her colleagues some insights into the security challenges her organization faces. Although MSK has a chief information security officer, Skarulis must keep her focus on security as well. “Our spending on security has increased enormously. I spend 15 to 20 percent of my time on security,” she said.

She noted that today’s hackers are highly organized criminal organizations or state-sponsored. “Phishing is growing in sophistication,” Skarulis said.  Years ago, the messages would have improper spelling and grammar. But now they grab the organization’s logo and look like communication from the institution. There are more instances of “spear phishing,” or targeting of doctors with personalized messages about their work or research. She said banks that have been hit by these spear phishing campaigns have started to tell their employees not to put anything on their LinkedIn profile about their work.

MSK has adopted data loss prevention software to address the problem and finds many instances of protected health information (PHI) being sent over e-mail. “We also are doing penetration testing,” she said, adding that MSK has worked to improve its training for employees who click on a link in a phishing campaign. Every breach or near breach they’ve had traces back to well-meaning staff making mistakes, she added.

Skarulis said the organization also recently moved to two-factor authentication. “If you don’t have two-factor authentication for outside e-mail you are courting disaster,” she told attendees. (By the way, in the 20 minutes it took to write this story, I received a phishing attempt e-mail.)

At the same session Ed Marx, senior vice president and chief information officer for Texas Health Resources, offered CIOs some ideas about employee engagement. He said it was important to be available to employees and purposefully have lots of interactions. He takes the long way on trips to the restroom and realizes the round trip might take 20 minutes because he has lots of interactions on the way. “Let people touch you,” Marx said. “Make yourself available.”

He added that building relationships with staff members is key to employee engagement. “Over half of Texas Resources’ 600 IT staffers have been to my house,” Marx said. “We celebrate all the time.”

Marx said CIOs should help give their teams a sense of purpose beyond collecting paychecks. If you ask Texas Health Resources IT staff their purpose, they all answer, “We save lives.” They are highly engaged as a result. He also asks employees to identify their personal goals and helps them to achieve it. He noted that he is gratified that 12 current CIOs, 11 of them in healthcare, used to report to him.

Sponsored Recommendations

How AI-Native Locating Intelligence Revolutionizes the RTLS market

Discover how leveraging an RTLS solution with artificial intelligence as the location engine can increase efficiency, improve safety, and elevate care without the compromises ...

Harnessing the True Power of Cultural, Clinical and Operational Data

Optimize healthcare performance by combining clinical, operational, and cultural insights. A deeper understanding of team factors improves care and resource management.

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...