
Keeping patient information secure is at the core of what health information exchange is all about. WISHIN brought together technical and cybersecurity experts at the 2024 WISHIN HIE Summit to discuss the importance of cybersecurity, WISHIN’s security posture and WISHIN’s role as a business continuity solution.
Some of the many statistics that were discussed:
- 68% of all cybersecurity breaches affect healthcare.
- 75% of cyber attacks begin with an email. Clicking on a link or opening an attachment that might seem harmless could be the start of an extensive attack on your network.
- 95% of data breaches are due to human error.
“People will make mistakes,” said WISHIN CEO Steve Rottmann. “What protections does an organization have in place to prevent a single incident from impacting an entire organization? There must be defense-in-depth and appropriate controls to limit and mitigate the risks.”
Kevin Scharnhorst, Chief Information Security Officer for Health Catalyst, said, “If your organization is not training and spending time with individuals, you are going to fail.” Scharnhorst said annual employee training and education are critical.
- The average time to detect a security breach is 118 days.
“Think about what can happen in 118 days?” asked Rottmann. “What information can be harvested? What information can be drilled into? Then, what type of vulnerabilities does that offer to cyber attackers?”
Scharnhorst said people and processes are critical in addressing cybersecurity, and so is technology. “You need to know what is in your inventory, both software and hardware devices,” Scharnhorst said, “and staying abreast of that so you know when you need to react.”
Mark Ziesemer, Azure Cloud and Information Security Architect for Heartland Business Systems, said, “As part of the shared responsibility between people, processes and technology, we have to make sure we don’t set up the technology to fail. We can’t allow a single person clicking a single email to have the power to take down an entire organization.”
The discussion turned to preventative measures taken by WISHIN and its partners, Health Catalyst and Heartland Business Systems, to ensure a safe, secure flow of information through the WISHIN system.
“Our participants are entrusting WISHIN with patient information,” Rottmann said. “The security measures – policies, technical controls and training – WISHIN has in place are paramount related to the services WISHIN provides.”
Brian Meyer, WISHIN Director of HIPAA Security and IT, said the partnerships with Health Catalyst and Heartland Business Systems are invaluable. Meyer said the partners have the specialty personnel that WISHIN cannot afford to have on staff.
Rottmann went on to explain why WISHIN works as a business continuity solution. He said a participant recently experienced a cyberattack and WISHIN stepped in to assist, enabling 1,600 users within a week and a half. He said WISHIN provides critical business continuity by making an organization’s own clinical records, and access to other organizations’ clinical information, available when a system is down.
“We, as an organization, are conducting our work at the highest security level,” Rottmann said. “What we’re trying to do is prevent those initial attacks into the network and make sure we have the safeguards and processes to respond and, if necessary, have the backup processes in place.”
“Security is WISHIN’s priority,” Ziesemer said.
“We’re real time, we’re reliable,” Rottmann said. “We have the controls in place, we have the people and processes in place and we have the business continuity and back-up built in.”
To see the entire HIE Summit session on Cybersecurity and WISHIN as a Business Continuity Solution, click here