How about this scenario: The technology that had allowed one nurse to safely keep watch over 20 patients at a centralized station is down, meaning a lot more clinicians are suddenly needed to cover the same load. What will you do? This is the type of emergency that Tomislav (Tom) Mustac, Mount Sinai Health System’s senior director and head of systems, cloud and biomed security, tries on a regular basis to get his organization to consider. In this interview with healthsystemCIO Founder and Editor-in-Chief Anthony Guerra, Mustac talks about how he encourages staff at tabletops to deliberately challenge each other. “So they’re going to think about when this happens, if it happens, how would I deal with it,” he says. “And it also helps us on the IT side to get resources dedicated to step up our technology, to step up our processes and improve.”

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 

Bold Statements

… the communication is vital so we actually talk through these things with each other, how we see things unfolding. Because as a technologist, I can come to you and say, “Well, we’re going to do X, Y and Z,” and think it’s all going to be great. But now when I have to involve others that actually have to work within that plan that I developed, they have a different scenario, or a different outlook, or they may not have the resources that I’m assuming they have.

But everything with technology seems to be a matter of time. When people say something can’t be broken into, it can’t be done, that’s dropping the gauntlet, and people start going out there and trying to do it. Eventually, somebody will find a crack in the armor somewhere.

… what I’ve always said to my friends on the manufacturer side is if you don’t do this, somebody else will, it’s a competitive world. So you’re going to see foreign competitors come in and start eating your lunch, because they’re going to come in with patchable operating systems to update security features.

Guerra: Tom, thanks for joining me.

Mustac: Good morning. Thank you for having me.

Guerra: Great, lots of good stuff to talk about today. Tom, can we start out with you giving me an overview of your organization and your role?

Mustac: Sure. So we are one of the major healthcare providers here in the New York City area, consisting of eight hospitals and well over 200 outpatient clinics and offices. We’re also a research and learning hospital. So a lot going on; a lot of diversity in the environment, both from a technology standpoint and the services offered. My role, I’m responsible for the cybersecurity of all our devices and helping to close down the many vulnerabilities and concerns that have been in the medical vertical for a number of years that are getting a lot of attention now.

Guerra: Certainly are getting a lot of attention. So, quite an interesting title, head of systems, cloud, and biomed security. Do you see those as different buckets that you have to cover? Or is it, in your mind, one thing?

Mustac: From a technology standpoint, there’s a lot of similarities because bits and bytes are bits and bytes, but from maturity levels of security, they’re different buckets. The traditional irons that we have: mainframes, desktops, laptops – all that stuff is pretty well covered and mature. The new stuff in our environments, obviously, is the big push for the cloud. And medical and IoT devices, I think,