Corporate

HIMSS 2023 Conference recap

Nicole Janko jpeg

Nicole Janko

Director, HITRUST, ISO, and SOC

Blog Images 2023 Coalfire Main Image Blog HIMSS 800 X420 FINAL

HIMSS 2023, the largest annual healthcare technology conference, was a great success. The conference highlighted the importance of compliance, data privacy, and cyber security for healthcare organizations. With the increasing use of electronic systems and devices, protecting patient data has become a top priority for healthcare providers. In this blog post, we will discuss the key takeaways from the conference and explore strategies that healthcare organizations can implement to mitigate the risks of cyber threats while complying with regulatory requirements.

Key takeaways:

  • Cybersecurity risks are evolving and at the forefront of healthcare executives’ initiatives.
  • Healthcare organizations are using security and compliance to sell their products.
  • Data privacy is still a concern and priority for organizations, resulting in new and innovative solutions.

This year, I had the pleasure of attending HIMSS 2023 in Chicago with my Coalfire team. Over 40K professionals from around the world came together to share ideas, present new innovations, and discuss challenges plaguing the industry. While there was plenty of chatter around buzz-worthy topics like automation, AI, and ChatGPT, many of the conversations boiled down to the nuts and bolts of securing healthcare systems: compliance, cybersecurity, and data privacy.

Compliance

During the conference, speakers strongly advised all healthcare organizations to prioritize compliance and implement best practices to better protect patient data and meet regulatory requirements. HITRUST, a threat-adaptive framework, is an effective way to navigate compliance challenges and ensure regulatory compliance. It provides an integrated approach to risk management, compliance, and security and offers a comprehensive set of controls and a single framework to address common regulatory requirements, such as HIPAA, HITECH, and GDPR.

Cybersecurity

Cybersecurity is a significant concern for healthcare organizations, as the sector is a prime target for cyberattacks. According to recent studies [1], US healthcare organizations experience an average of 1,410 weekly cyberattacks per organization, which is an 86% increase compared to last year. The cost of a breach in the healthcare industry is the highest compared to any other sector, which has increased by 42% since 2020.

Cybersecurity in healthcare involves protecting electronic information and assets from unauthorized access, use, and disclosure. The conference highlighted the need for proper physical security measures to prevent unauthorized physical access to devices and that many legacy systems pose a challenge since they are no longer supported by the manufacturer, and healthcare organizations may not have enough cybersecurity budgets to upgrade them.

Data Privacy

Data privacy came up frequently as an essential issue for healthcare technology organizations. Patients' personal information must be protected, and healthcare providers must comply with privacy regulations. Compliance with regulations such as GDPR and HIPAA is necessary to avoid hefty penalties and reputational damage. Healthcare organizations must take steps to protect patient data from cyber threats. Encryption and access controls are vital for protecting patient data from unauthorized access, use, and disclosure. Email security is fundamental to counter phishing attempts that can compromise sensitive information. Healthcare organizations are also moving away from fax transmissions and are looking for secure electronic messaging options.

The conference highlighted the importance of transparency in how patient data is collected, used, and shared. Healthcare organizations must be fully transparent to their patients because they have every right to know how their data is being used.

Healthcare providers must take steps to protect patient data from cyber threats while complying with regulatory requirements. Frameworks like HITRUST can help healthcare organizations improve clinical decision-making and simplify authorization for services. Encryption and access controls are essential for protecting patient data from unauthorized access, use, and disclosure. Healthcare stakeholders, such as patients, workforce members, and C-suite executives, play a vital role in cybersecurity efforts and need to receive regular security awareness training. By taking a proactive approach to compliance and cybersecurity, healthcare organizations can mitigate the risk of cyber threats and protect patient data.

It was nice to see such a wonderful turnout this year. It was so much fun taking our Coalfire flag around to different groups and making so many connections. We, of course, enjoyed seeing everyone’s swag of choice this year and all the creative booth designs. Overall, it was a successful event, and we can’t wait to see everyone next year at HIMSS 2024!