Dive Brief:
- John Muir Health, a Walnut Creek, CA nonprofit, has announced Thomas August as its new chief information security officer.
- August has more than 20 years of experience, and previously served as director of information security at Sharp Healthcare (San Diego). Here, he developed strategic IT risk management plans for 16,000 employees in seven hospitals, two medical groups, a health plan and various shared services.
- John Muir has a network of more than 5,500 employees and 1,000 primary care and specialty physicians, with medical centers in Concord and Walnut Creek, California.
Dive Insight:
As hackers continue to target valuable healthcare data—most recently the breach of CareFirst that impacted over a million consumers—the CISO role is becoming increasingly important. The tough part for hospitals is finding qualified candidates. The industry put security concerns on the backburner for so long, that good hires are few and far between, and expensive.
That said, they're probably worth the money: Since there are so many changes and evolving threats, "no internal IT department can be expected to keep up," says Ben Desjardins, director of security solutions for Radware, whose organization worked with Boston Children's to mitigate the Distributed Denial of Service (DDoS) attacks. Internal IT teams will need a strong executive leader to manage security strategy and involve the appropriate external vendors.
"It's important that IT teams have trusted vendors that can bring expertise," Desjardins says. When vetting potential partners, an organization should investigate whether an organization can go beyond just protect data from a basic breach. "You need know vendors that also know how to protect you from availability attacks against your network," he says.
John Muir Health has a few other IT projects currently underway, notably plans to develop a regional healthcare network with UCSF Medical Center. As part of the process of the new regional network, UCSF Medical Center and John Muir Health will coordinate their Epic electronic medical records systems and patient communication portals to enable better physician and patient communications.
Want to read more? You may enjoy this story about data attacks on the rise in 2015: How hospitals can manage the risk.