Cybersecurity and IoT in Healthcare: Three Paradoxes and the Need for a Paradigm Shift - A CIO Perspective
Giuliano Pozza
Chief Information Officer (CIO), S. Raffaele Hospital
President of the Italian Association of Healthcare Information System Professionals
Politecnico di Milano, Campus Leonardo
EG.2 Room (building 21, basement floor)
November 23rd, 2018
2.30 pm
Contacts:
Enrico Caiani
Research Line:
Analysis of biological systems and e-health
Abstract
The world of information and data management in healthcare (HC) is changing faster than anyone could have predicted a few years ago, and attention to sensitive data protection is growing, as the new European General Data Protection Regulation (GDPR) clearly proves. Security is definitely one of the crucial “pain points” for HC CIOs, although IT security is by no means a neglected item on CIOs’ agendas. 2015 was an annus horribilis for data breaches in HC, with more HC records stolen than at any other time since records started being kept in the USA. According to the US Health Insurance Portability and Accountability Act of 1996 (HIPAA) mid-year summary on data breaches, the trend is persistent: in June 2016, more than 11 million patient records were exposed, and 2017 followed the same tendency. The role of the CIO as the custodian of information and data, in HC or other contexts, is increasingly becoming paradoxical in many ways. We will go through three cogent paradoxes CIOs encounter on a daily basis:
• Paradox 1: There are More Things in Shadow IT Than in Official IT
• Paradox 2: In HC, a Large and Growing Amount of Sensitive Data and the Most Dangerous and Potentially Life-Threatening Systems Are, From the Security Perspective, in a “No Man’s Land” (Call It Shadow IT or Not)
• Paradox 3: CIOs Are Working Hard to Fortify the Walls of the Citadel, but There Is no Citadel to Defend.
Is there any way out of this situation, which reveals an unacceptable risk level, not only for IT security but for patient safety as well?
The paradoxes discussed support the need for a complete change in perspective. The (r)evolution can be articulated in four areas: 1) Strategy; 2) Technology; 3) Processes; 4) People.
The key point is that integration of skills and competencies of different actors (IT Professionals, Clinical Engineers, executives and managers, users…) is crucial for the future of Cybersecurity in the era of IoT in HC (and not only in healthcare).
Short Bio
Giuliano Pozza - CGGEIT, e-CF Plus (CIO), ITIL V3 - is a biomedical engineer by training and the Chief Information Officer (CIO) of Ospedale San Raffaele, the most important private clinical and research institution in Italy. He is also the President of the Italian Association of Healthcare Information System Professionals (AISIS). Previously, he was the CIO of Fondazione Don Carlo Gnocchi Onlus, a statewide Italian social care and rehabilitation organization. He also worked for Istituto Clinico Humanitas and in the health care practice of consulting firm Accenture. His profile, books, articles and interests are published here: www.yottabronto.it.