Paubox at the HIMSS Annual CXO Forum

Featured image

Share this article

Paubox at the HIMSS Annual CXO Forum
The CISOs panel from left to right, David Finn (Symantec), Tom August (John Muir Health), and Auston Davis (Stanford Children’s Health).

Last week, Paubox attended the HIMSS Annual CXO Forum. The event took place at the beautiful headquarters of Symantec. This year’s topic for the forum revolved around the theme of cybersecurity. How is cybersecurity defined? What kind of threats are out there? And is healthcare prepared for these threats? These are all the questions that the speakers of the forum were helping to answered. Paubox learned many things from the forum and have our top 4 takeaways.

The top four takeaways for the Annual CXO Forum are:

  1. Cybersecurity in healthcare is still lacking– despite all the news coverage over the past year regarding hacks in healthcare, the entire system is still playing catch up. During the forum, there was consensus that the healthcare industry is not spending enough on security. In fact, healthcare on average spends less than 3% of their IT budget on security, compared to the financial industry, which typically spends about 12%.
  2. Vulnerabilities are plenty in healthcare- almost unanimously all the cybersecurity experts at the forum concluded that there are far too many vulnerabilities in healthcare. The vulnerabilities come from a variety of sources, phishing, malware, theft, and even medical devices.  The theme seems to be that organizations must prioritize the threats that they can be successful at for the time being.
  3. Vital devices responsible for vital organs are a threat– medical devices such as pacemakers and insulin infusion pumps are very much at risk for cyberattacks. In recent years there have been proven cases of such medical devices being hacked, the Hospira infusion pump hack is a great example. What makes these threats even more unbelievable is the lack or regulation. The FDA has deemed that all Medical Device Data Systems (MDDS) and EHR are low risk and users are in charge of assessing their own safety. This means that healthcare organizations must be proactive and take it upon themselves to determine the risk of these devices for their patients.
  4. Security is not about technology, but about people- cybersecurity as much as it is about technology, still comes down to people. The consensus amongst the CISOs (Chief Information Security Officers) was that the most important and most challenging aspect of cybersecurity for a healthcare organization is staff training.  It comes down to being able to communicate clearly with your staff about the risks and threats, building their awareness. Making the training personal and relevant is a very effective way to educate and increase adherence for staff members.
Paubox at the HIMSS Annual CXO Forum
Michael Garvin of Symantec demonstrating a simulation of a hack into a hospital’s network.

The forum was incredibly well put together, due largely to the wonderful staff at the Northern California Chapter of HIMSS . Every seminar was filled great material and learning opportunities. Overall, the event demonstrated to Paubox that we are on the right path. Healthcare as a whole industry has a lot of vulnerabilities when it comes to cybersecurity, but it is working hard to fix these problems. As a provider for HIPAA compliant email, we are glad to be along for the ride and look forward to making a significant contribution towards improving the status of healthcare cybersecurity.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Phuong Tran

Phuong Tran is a Carnegie Mellon University-Heinz College graduate with a degree in healthcare policy and management. In his spare time he enjoys discovering new restaurants and playing basketball.

Read more by Phuong Tran

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022