Health Information and Management Systems Society (HiMSS) is one of the largest healthcare member organizations in the world and its annual HIMSS conference is renowned as the premier industry event to learn about innovative healthcare technology. One of the rapidly growing areas of interest for healthcare organizations is security, particularly as attackers continue to target providers to compromise the trove of electronic personal health information (ePHI) that providers maintain.
Having attended many technology conferences over the past several years, I found the booths and exhibition floor of this year’s HiMSS conference to be more creative and interactive than almost any other show. From a session standpoint, a few common themes emerged. First, it is clear that the explosion of network connected medical devices is dramatically expanding the attack surface, and IT and security teams at healthcare providers are challenged to keep pace and maintain the security of their privileged accounts. Second, adhering to compliance requirements and “passing the audit” remains the primary driver for healthcare organizations’ investments in IT solutions – perhaps competing with security investments to some extent. The third trend that stood out was that providers are still trying to find solutions that enable teams to automate low-level work, so that they can spend their time on higher value tasks. None of this is necessarily a surprise to those familiar with the challenges in healthcare, but I did find something that surprised me – but, it wasn’t at a session.
In fact, I was elated to find that most of the discussions we had at the show were with attendees who had senior security titles. I was immediately curious about their motivation for attending and found that most of those I spoke with were within their first year leading security for their organization. Many of these professionals have held senior security positions in other industries, but had recently been brought on to lead security efforts because the provider’s board and C-level executives are now prioritizing proactive, sustainable security programs. There seemed to be consensus among the security pros I spoke with that they were facing the same challenges I heard about in the sessions. However, I was invigorated to find out that this new group of cybersecurity leaders were ready to think long-term about building a cybersecurity programs to defend against emerging threats, rather than focusing on short-term strategies to avoid failed audits.
Therefore, back to my initial question – while I do not think there will be an extra “S” added to the HiMSS conference acronym soon, I firmly believe that the industry’s overall evolution from audit drivers, to an emphasis on security strategy will continue to drive impactful discussions. I’m already looking forward to next year!