HIStalk Interviews John Gomez, CEO, Sensato

John Gomez is CEO of Sensato of Asbury Park, NJ.

Tell me about yourself and the company.

Security has been a huge passion for me. It’s something that I was involved in earlier on in my career and then drifted away from and most recently got back into. Sensato is an outcome of that passion.

The unique part of Sensato is that it focuses specifically on healthcare cybersecurity and privacy, the entire ecosystem of healthcare and healthcare information technology.

How would you characterize the current state of security in healthcare?

It’s scary overall. People are trying, but healthcare is unique. I’ve talked at industry events outside of healthcare in finance and telecom, and when I talk to people about healthcare, they are often shocked about the challenges that a CIO faces.

When I put it into context for people, the average hospital has 300 to 400 systems between HR, finance, and clinical systems. Then you lay on top of that security like webcams and remote door controls and patient access systems and things like that.

It’s just such a huge attack surface for security that for it not to be overwhelming to any CIO would be surprising. That translates into what many would consider a target-rich environment, which translates into a lot of fear.

The Sony Pictures breach proved that any organization is vulnerable if someone decides there’s incentive for them to get into your systems. The FBI had already called out healthcare as being specifically targeted because PHI is valuable. Does that raise the stakes or the level of urgency to do something?

It does in some. If we step back, there’s multiple layers of cybersecurity and cyberterrorism. One area that we don’t talk a lot about is cyberwarfare. The challenge, and I think we’ll probably hear more and more about this from the Department of Homeland Security and the FBI, is that PHI is very valuable and very important. The challenge we have seen with Sony is that it’s almost cyberwarfare, where a foreign state attacks a corporation.

It opens your eyes to the fact that what if through cyberwarfare, hospitals, physician practices, labs, clinics, or retail pharmacies were attacked? What could be done there? It is scary when you think about the amount of systems in healthcare that are Unix-based and how many hospitals still run XP. Sony becomes a wake-up call to what can happen if a foreign state decides to target the infrastructure of another country.

If someone wanted to cripple a hospital’s systems, what are the odds they could do it?

I would say it’s extremely high, whether it’s cripple the system or compromise it. The challenge of hospitals is to embrace patients and provide access to family members, that …