NVH on cyber risk and prevention: protecting ‘the keys to the kingdom’

Cyber risk and prevention a top priority presenting one of the biggest targets to patient data and information

North Valley Hospital is taking precautions against cyber attacks.
<em>Laura</em> <em>Knowlton/staff photo</em>

North Valley Hospital is taking precautions against cyber attacks. Laura Knowlton/staff photo

NORTH COUNTY- Chad Schmitt Chief Information Officer addressed North Valley Hospital Board of Commissioners on the common issues being faced regarding cybersecurity and what is being done to protect sensitive information, such as data and patient information, during the district’s regular board meeting, Thursday, March 28.

Schmitt said cyber risk and prevention are a top priority and presents one of the biggest targets as it relates to patient data and information.

“On the black market, it’s one of the most lucrative things that someone can sell on the black market, or the darkweb. Patient data is relatively easy to find, floats around pretty much everywhere,” said Shmitt.

From the perspective of how to keep data information internal and safe from external individuals or external organizations, Schmitt said it’s accomplished in a number of ways through perimeter defenses.

Much is being done to manage and protect against the threats posed by cyber risk and are established through perimeter defenses, firewalls and intrusion detection systems. All are ways which will alert if somebody is trying to infiltrate the environment.

“I think it’s important to know that they are. It’s not a matter of, is somebody. Know that they are,” said Schmitt.

Schmitt said this is a regular challenge that most businesses, specifically the healthcare industry, has to deal with.

“We do have a lot of integrations with third parties. We send a lot of our data out through interfaces. We recognize the fact that there are challenges or opportunities for our data to be exfiltrated out. We take a pretty hard stance on ensuring that our perimeters are defended as best as they can be,” said Schmitt.

While cybersecurity is challenging and complex, NVH has mechanisms and software in place to track where data goes, according to the CIO.

“We do have a relatively robust perimeter defense,” said Schmitt.

Schmitt said a security operations partner looks at the hospital’s data internally and where it’s going and what it’s doing.

“They are looking for what we would call anomalist behavior,” said Schmitt.

Would-be hackers try to infiltrate the system and gain “the keys to the kingdom” through phishing campaigns and emails, to execute code.

“Hacking is very sophisticated. It’s actually a billion dollar business. I’m sure we’ve all heard of ransomware. It’s one of the most common events that we see,” said Schmitt.

As it relates to internal processes, Schmitt said backups are a key focus.

“I think the leadership team here has made some pretty good investments as it relates to tools and products and other things that help protect the environment,” said Schmitt.

NVH continues to organically work on their multi-factor authentication which increases resilience. from a cyber risk perspective.

“We’re making a lot of strides towards moving our email and some of the other productivity things, to systems that are a little bit more secure,” said Schmitt.