George Pappas, CEO of Intraprise Health, works with various healthcare organizations across the healthcare industry and healthcare ecosystem to help address cybersecurity risks. While recent cyber attacks have raised awareness about the need for better cybersecurity measures, the complexity of healthcare IT systems creates significant challenges for comprehensive risk management. Proactive measures, including employee training, enhanced identity confirmation, and limiting access, are critical to mitigating the risk of cyber attacks.

George explains, "The net situation is that these large technology companies that serve healthcare and hospital systems and large medical practices change are clearinghouses, revenue cycle managers, and manage real-time price transparency. What medication management companies manage is so complicated, and they have so many ways that something can be attacked. As you mentioned at the beginning, the attackers are getting very clever and sharing a lot of their methods, so you have to do a comprehensive continuous review of your entire cybersecurity posture. Because if you don’t, there are invariably going to be challenges and small things that are small at the time that end up not being small and being the way that an attacker got in."

"And in the case of Change, it was a multifactor authentication problem accessing a certain system through a certain technology stack that was rather old. But these things exist in companies this size. They have tens of thousands of machines and have accumulated different companies they acquired over time with different technology systems that don’t all work together. So, the vulnerabilities are there, and they require comprehensive risk management and some candidly, more investment than we’ve seen to address fully."

"I’ll give you another example. So maybe it helps your listeners place this a little better. If you think about someone who has a home and is trying to protect their home from all the various threats or things that can happen. Well, their home insurance company requires them to have a smoke detector and carbon monoxide sensor. They get a credit on their policy. If they have a burglar alarm system, they might have a ring doorbell camera or any number of things like that. What you see across the industry is these large hospital systems, small hospital systems, doctor’s offices, and they’re doing those basic things. But here’s the issue. In that same house that I mentioned, you could have 30 windows, the roof might be a little old, you might have a ground floor, and a door that has glass could be easily broken if someone tried to break in."

#IntrapriseHealth #HealthcareCybersecurity #PatientDataProtection #CyberThreats #HITRUSTCompliance #RiskManagement #DataPrivacy

intraprisehealth.com

Listen to the podcast here