What’s ahead for health care in Solano, Napa, Marin, Sonoma counties as COVID era shifts
A pandemic lingers, a virus mutates and a public frets. Through it all, health care workers push on as the foundations of the care system seemed to shift beneath them.
To gauge the status of that industry, the North Bay Business Journal posed several questions to local health leaders:
- Gabriela Bernal-Leroi, Santa Rosa Community Health
- Darian Harris, Healdsburg Hospital and Petaluma Valley Hospital (Providence)
- David Klein, MarinHealth
- Kathie Powell, Petaluma Health Center
- Alicia Hardy, OLE Health
- Kelley Jaeger-Jackson, Sutter Solano Medical Center
- Dan Peterson, Sutter Santa Rosa Regional Hospital
- John Hennelly, Sonoma Valley Hospital
Their answers have been edited.
We know that cybersecurity has been a threat to health care organizations. What steps should the industry take that it hasn’t?
Gabriela Bernal-Leroi: Organizations need to build a culture of security awareness, which starts with training staff, communicating frequently, and hiring dedicated resources who are focused on cybersecurity, like a director or CIO.
We’ve increased staff training and communications, and used technology to practice and reenforce awareness, for example sending out fake phishing campaigns and then following up with people who fail them. We also increase communication when there are known threats are around.
The biggest vulnerability of any organization in terms of cybersecurity is always its people. Everyone wants to make sure things are getting accomplished and to please their supervisors, and things are moving quickly. The attacks are so sophisticated now; it’s easy to fall for them.
Darian Harris: We have invested and continue to invest in sophisticated detection and prevention systems, including phishing alerts, proactive monitoring of firewalls and adaptive network updates, that harden our electronic infrastructure and securely protect the private health information of our patients.
The fact is that the considerable majority of focus as an industry continues to be on preventing cybersecurity attacks and given the increasingly connected world we live in, the unfortunate reality is that these attacks will continue to happen with greater frequency.
We in healthcare are very familiar with simulating response and recovery from unfortunate realities like this pandemic, mass trauma events, and many other potentialities, and we as an industry need to invest more into post-event / cybersecurity attack response and recovery simulations. This should include multi-organizational and multi-sector cybersecurity attack simulations where the difficult questions are wrestled, and worst-case scenarios considered.
For example, how do we keep patients safe who depend on technology-enabled equipment, what would be the federal (FBI) response, what would the cybersecurity experts advise in ransom-wear situations and what precedence would potential payments set for the industry?
David Klein: As new and exciting health technologies hit the market, we must demand that these products be built and maintained to industry security standards. It is extremely challenging for healthcare organizations to stay ahead of the cybersecurity risk curve.