top of page

Shark Tank's Robert Herjavec notes Healthcare organizations are prime target for cyber attacks

Robert Herjavec is one of the Shark Tank stars. And he is the founder and CEO of the Herjavec Group, a global information security specialist. Herjavec and fellow shark Kevin O’Leary will be giving a keynote on Thursday, Feb. 23, 2017 at HIMSS17 in Orlando.

Healthcare IT News asked Herjavec to shed light on the enormous potential for innovation in healthcare, what executives should be doing today in terms of information security, and we asked about the top several technology areas hospitals — and investors — should be focusing on right now.

Q: What does the current state of security in healthcare look like to someone who runs a security firm serving several vertical industries? A: Healthcare organizations are a prime target for cyberattacks. Healthcare providers are laser focused on what they do best – providing patient care. This means that in majority of cases, budgets are spent on research, on advancing treatment, and rightfully so on patient care. Many security systems are entirely antiquated and emerging tech is deemed too expensive and cumbersome to implement or adapt. But just like a large public enterprise organization, healthcare providers have to prioritize a proactive approach to security - balancing people, process and technology to improve the protection of their informational assets and patient information.

One of the key areas that makes healthcare providers vulnerable, is how dependent they are on information systems. There are significant information processing requirements and investments made each year, and it can be difficult to keep them all up-to-date, patched, and refreshed. This is partly due to the technology push into medical treatments, and partly due to constant pressure to keep non-clinical costs down. The result is a higher-than-average legacy “debt” of outdated systems, unpatched operating systems, and older browsers. In some cases, IT systems associated with medical devices may be a bundled and approved system that cannot be altered without affecting its function or authorized use. We also have to consider that larger projects, including the implementation of new healthcare information systems, can take years, and security considerations and proactive protection often fall by the wayside during these transitions.

Q. What about innovation more broadly? There is a lot of venture capital going into healthcare right now, but are there big opportunities being missed? A: Where there is innovation there is opportunity. Cybersecurity is an industry that’s evolving entirely every 2-3 years. New technologies, new vulnerabilities, new threat vectors. Health care is similar because technology and innovation continue to improve. New drugs, new providers, new ways to care for patients. It's exciting and there is certainly opportunity to continue to invest in this space. I'm very bullish on the healthcare market as it's ripe for continued improvement and innovation.

Q: What is the technology or area that investors and hospitals should be focusing on today? In 3-5 years? A: Improvements in auditing and monitoring have taken security in healthcare a very long way. By leveraging User Behavior Analytics and improved Identity Management tools, healthcare providers are better able to determine who has access to what data, when, for how long, and why. Continued adoption of technologies being adopted by the general market, including SIEM, IPS, Next Gen Firewalls and endpoint securities will only continue to benefit the healthcare industry.

Hospitals and medical companies need to take a proactive approach to cybersecurity. They can benefit from: increased use of PIM/PAM account access management tools, segmenting networks and restricting access to HIM systems as much as possible, updating operating systems regularly, restricting and logging administrator activity, patching endpoints aggressively wherever possible (especially OS, browsers, Java and Flash) and educating staff and clinicians about cybersecurity risks and challenges.

Excert from presentation for HIMSS17, runs from Feb. 19-23, 2017 at the Orange County Convention Center.

If this was helpful, SHARE with a friend with the below:

bottom of page