Digital Transformation: A Secure Connected Healthcare Ecosystem
The Center for Digital Strategies (CDS) at the Tuck School of Business at Dartmouth and the Owen Graduate School of Management convened a workshop focused on information security in the healthcare industry. The health ecosystem represents diverse participants, from large corporations to individual practices: care providers, outsourced service providers, pharmacies, pharmaceuticals, claims processors, payers, device manufacturers, and other suppliers/vendors. Arguably more than any other value chain/network in any industry, these healthcare players must be able to share information and provide services securely in a world undergoing digital transformation. Intelligent adversaries exploiting vulnerabilities in any part of this ecosystem create incidents that rapidly propagate to unsuspecting members. Hospitals, suppliers and payers alike face risks ranging from theft of private information and hold-ups to denial-of-service attacks and fraud. Providers and device manufacturers face risks from device compromise. Individuals face risks ranging from privacy violations to medical identity theft and personal harm. In the increasingly connected health delivery system, innovative solutions are required to ensure uninterrupted communications, service availability, and protection of critical individual, corporate or government data and information.
Key Insights Discussed in this Article:
- Information security threats are coming in new forms, from new directions. From data tampering to BYOD issues, risks are proliferating.
- Vendor security is becoming more difficult and more important. Vendors are accessing data in more ways than ever, and the number of vendors is growing.
- Medical devices are a growing security risk and a real worry for CISOs. New medical devices are still being built without a strong security mindset, and are being used more often in locations outside of care facilities, including patient homes.
- New devices, software and strategies are emerging to keep information more secure. Solutions are coming in many shapes and sizes, representing a fragmented approach to information security problems.
- There’s no consensus on where information security lands on the org chart. Most agree it depends on the corporate structure and culture at each organization.
- CISOs are working to share ownership of information security risks across their organizations. Creating buy-in outside of traditional security roles and documenting responsibility for the people closest to the risks is imperative.
- There isn’t a talent gap in the information security workforce, but a skills gap. The challenge is to train people to apply their talent in a security role.
- Getting sufficient resources for information security is about showing ROI and total cost of ownership. CISOs are wise to frame information security costs in terms of their role in responding to and reducing risks.
The workshop was conducted in “Old Mechanical,” one of the oldest buildings (1888) on the Vanderbilt University campus, and the former home of the mechanical engineering school. Funding was provided by a National Science Foundation grant led by Dartmouth Professor David Kotz, called Trustworthy Health and Wellness (THaW). THaW's stated mission is “to enable the promise of health and wellness technology by innovating mobile- and cloud-computing systems that respect the privacy of individuals and the trustworthiness of medical information.”