Artificial intelligence (or AI) is a hot topic again and we wanted to have a conversation about its use in healthcare, and what are some of the ethical implications of that. If we’re going to use AI for decision support, whether for clinical or security applications, there are questions we need to ask. And we should probably ask those questions before we get too far down the road to AI nirvana. Our guest today is Mike Lyons, Director of Product Development at FairWarning. As you’ll hear in our discussion, the questions are layered, create more questions, and force us to think more deeply about our relationship with technology. Mike addresses promise vs. reality, expectations, decision making, values, the role of vendors, and ethics by design. This Episode’s GuestMike LyonsDirector, Product DevelopmentFairWarningConnect with Mike

Commitment is critical to a successful security program, and that commitment isn’t just to the technology and processes. The human component is especially important, whether you want your customers to have confidence in your organization’s ability to protect their data, or whether you need to persuade the C-Suite that the benefits of a solid security plan outweigh the costs. Is there a relationship between security and the patient experience? Do patients and their families notice security issues when they’re in contact with our clinicians and staff? Does it matter? Welcome to Code Red, the HIMSS’ podcast on information security in healthcare. Our guest on this episode is Dan Dodson, President of Fortified Health Security. Dan and I had a chance to sit down at the HIMSS global conference in Las Vegas to discuss how to better manage the way security is perceived by customers and staff. In this conversation, we also discuss the tricky area of demonstrating ROI on security.  This Episode’s GuestDan L. Dodson, MBAPresident  Fortified Health SecurityConnect with Dan

The HIMSS Cybersecurity Call to Action includes an appeal to use a cybersecurity framework across the sector. There are several out there to choose from and, as we state in our call, HIMSS recommends the NIST Cybersecurity Framework. In our latest cybersecurity survey, we asked respondents whether or not they used a framework, and if so, which one they used. While we learned that the majority of respondents that do use a framework use NIST, HITRUST and Critical Security Controls, we also learned that about 17 percent of the respondents use no framework at all. Welcome to Code Red, the HIMSS cybersecurity podcast. In this episode, we wanted to look more deeply into the issue of frameworks how they’re used and implemented; I spoke to Bayardo Alvarez, director of information technology at Boston Pain Care, and Sean Murphy, Vice president and CISO at Premera Blue Cross about their choice and use of frameworks.As you’ll hear, they’ve made different choices, represent very different organizations, and are at different phases of implementation.   This Episode’s GuestSean Murphy VP, Chief Information Security Officer Premera Blue CrossConnect with SeanBayardo AlvarezDirector, Information Technology  Boston Paincare Center Connect with Bayardo

In the fight to keep health data safe, every node on your network is a potential battlefield.   The fight is easy to notice on the laptops, desktops, smart phones and tablets every time you get a notification a new update or patch has been sent out.  But how easy is it to notice in the next theater of combat, the war to secure connected medical devices? Welcome to Code Red, HIMSS’ cybersecurity podcast.  On this episode, we speak with someone who is focused on battle between hackers and healthcare systems to secure connected medical devices.  We are joined today by George Gray, Chief Technology Officer and VP of Research & Development at smart pump manufacturer, Ivenix.  In a conversation recorded at HIMSS18, George and I discuss the paradigm shift cybersecurity is causing in the medical device marketplace, practical tips for healthcare organizations on how they can protect their networked medical devices, and the role healthcare organizations can play as customers in demanding better security from the medical devices they purchase.    This Episode’s GuestGeorge GrayChief Technology OfficerVice President of Research & DevelopmentIvenixConnect with George {WHITEPAPER} Ivenix: Addressing Cybersecurity in Infusion DevicesRead the HIMSS Interoperability Showcase Whitepaper Ivenix produced for HIMSS18.

If you are trying to figure out if you want to start or advance your career in cybersecurity, this podcast is for you.  Perhaps you are trying to figure out how to build a qualified security staff to protect your information.This podcast is for you.  Welcome to Code Red, the HIMSS security podcast.  In this episode, we speak with Rodney Peterson, Director of National Initiative for Cybersecurity Education at the US Department of Commerce.  NICE is all about security education, roles, and security specialties.  Whether you are a student learning the field, or an employer trying to write accurate job descriptions, this episode is for you.   This Episode’s GuestRodney PetersenDirector of National Initiative for Cybersecurity EducationNational Institute of Standards and TechnologyU.S. Department of CommerceConnect with Rodney

Cybersecurity can be a complex topic, and that complexity seems to increase with each new vulnerability or threat identified.  How do you keep track of everything you’re supposed to do in order to protect your data, your organization, your patients?  Where do you start?  There are tools to help keep track and stay organized, and in this episode of Code Red, we’re going to talk about just one of those tools, the NIST Cybersecurity framework.   Frameworks provide user guidance to help your organization enhance its ability to, in the language of the NIST Cybersecurity Framework:IdentifyProtectDetectRespond andRecoverafter a cybersecurity incident.  In this episode, we speak with Matthew Barrett, Program Manager, Cybersecurity Framework at the National Institute of Standards and Technology, on the ways healthcare organizations can leverage the NIST Cybersecurity Framework to help keep their health data safe.  This Episode’s GuestMatthew BarrettProgram Manager, Cybersecurity FrameworkNational Institute of Standards and TechnologyLearn more about Matthew

What are the security threats your organization perceives to be most urgent to mitigate? Do you have the capabilities to implement those controls? Sometimes you need to go outside and bring in a third party to help. But what do you look for when searching for a vendor? How do you build a true partnership? Finally, is there still room for innovation in the security realm? That’s a lot of questions, and we’ve got the answers! On this episode of Code Red, you’ll hear from Patrick Streck, Senior Director IT at Baystate Healthcare. Our other guest is Aaron Miri, CIO and VP Government Relations at Imprivata. Patrick and Aaron talk about the way Baystate and Imprivata work together to address security issues. This episode is about the customer/vendor relationship, specific to the security space. While these are just two of many providers and security vendors, Patrick and Aaron were kind enough to share some great tips that worked for these two organizations; perhaps these will help you as well.  This Episode’s GuestsPatrick Streck, MBASenior Director, IT Baystate HealthcareLearn more about PatrickFollow Patrick on Twitter: @PatrickStreck Aaron Miri, MBAChief Information Officer Vice President, Government Relations ImprivataLearn more about AaronFollow Aaron on Twitter: @AaronMiri

Imagine you work at a hospital and you are responsible for the health and wellbeing of thousands of patients a year. That’s not such a stretch. Many of us listening to this podcast are in this situation. You are in charge of the information systems at the hospital and all the data is your responsibility, whether clinical or operational. And you’re responsible for maintaining the privacy and security of that data. Let’s add a little pressure: imagine your hospital is attacked by hacktivist group with a political agenda—and, it’s a children’s hospital. What would you do?Welcome to Code Red, HIMSS’ cybersecurity focused podcast. In this episode, we hear from Daniel Nigrin, MD, MS, Sr. Vice President and CIO at Boston Children’s Hospital. Dan shares his story of how Boston Children’s handled and survived an attack by the hacktivist group, Anonymous.    This Episode’s GuestDaniel Nigrin, MD, MSSr. Vice President/CIO Boston Children’s HospitalLearn more about DanielLearn about Boston Children's Hospital

There’s a shortage of people qualified to work in cybersecurity, and we need to do something about that. But what is that “something?” Let’s be honest here, we’re not going to change that situation overnight. It takes years to acquire the kind of skills needed to pursue the education, experience and credentials required. But what can we do in the meantime? We’ve said it before on Code Red: we’re all involved in security, to one degree or another. What can we do to effectively raise awareness and change behavior?This episode’s guest offers some insights. While at our annual conference in Orlando, Code Red sat down to discuss these and other issues with Servio Medina, CISSP, Chief Operating Officer of the Cybersecurity Policy Branch at the US Defense Health Agency. Servio sees opportunities in changing the way we think about educating each other in this field, and discusses burnout, math, lifestyles and other topics, and how they relate to cyber-education. After listening to this episode, the phrase “It makes sense to me” will take on a whole new dimension. This Episode’s GuestServio Medina, CISSPCheif Operating Officer, Cybersecurity Policy BranchUS Defense Health AgencyLearn more about ServioFollow Servio on Twitter: @serviofmedinaLearn about the US Defense Health AgencyThis Episode’s Audience AskHow does your organization "make sense" of an enterprise-wide approach to cybersecurity?  How has your organizational culture around cybersecurity changed over the past few years?  Any lessons to share with others? Send us a voice memo from your smart phone with your thoughts. You can send them to [email protected] and we will play them on the air at the end of our next episode.

When it comes to cybersecurity, the enemy holds many advantages.  They run the timetable.  They establish the rules of engagement.  And in a culture that exults the bandit, the pirate, and the hacker, they find many fellow travelers in dark places, on the web and in the world.   But for every bandit there is a sheriff.  This age is no different.  Rather than wearing badges and walking dusty wooden sidewalks, today’s cybersecurity sheriffs wear suits and roam the network, looking for vulnerabilities to fix before they are exploited.  Rather than protecting the townsfolk with a steady hand and trusty Colt, today’s cybersecurity sheriffs wield effective governance plans and the leadership to convince their organization that lazy passwords and curious clicks are the keys to the loot that bandits are riding off into the sunset with today. Welcome HIMSS’s new health IT cybersecurity podcast, Code Red. Code Red focuses on cybersecurity challenges facing health care today & tomorrow, featuring the voices of the people on the front lines. The goal of the podcast is to explore the interplay between the people, processes & technologies that make up an organization’s cybersecurity posture from both a leadership & skills-based perspective.  In today’s episode, we will explore how to successfully design and implement effective cybersecurity governance with 2016 Chicago CISO of the Year, Todd Fitzgerald, Global Director Information Security for Grant Thornton International.  Time to hop on your horse and ride… This Episode’s GuestTodd FitzgeraldChief Information Security OfficerGrant Thornton International, Ltd.Learn more about ToddFollow Todd on Twitter: @SecurityFitzLearn more about Grant Thornton International, Ltd. This Episode’s PromosHIMSS17 is the meeting place for all things health IT. Experience over 300 education programs, more than 1,200 vendors, hundreds of special programs, and limitless networking opportunities. Collaborate with HIMSS and thousands of colleagues worldwide as you work to positively transform health and lives through IT.Register Today This Episode’s Audience AskWhat lessons has your orgnazation learned about an effective cybersecurity governance structure? Send us a voice memo from your smart phone with your thoughts. You can send them to [email protected] and we will play them on the air at the end of our next episode.