Health care organizations have 50 percent more sensitive data than the global average. If you're concerned about how to keep that sensitive data safe in the face of cyber threats and safely restoring critical patient care services quickly, I'd like to invite you to Rubrik's Health Care Summit happening virtually today.
You'll hear from the leaders of New York General, UCI Health, and Seattle Children's Hospital on the latest in predictable recovery, AI, cloud, and ransomware defense. Sign up today at ThisWeekHealth. com rubric. So today in health IT, we are talking about educational institutions becoming a prime target for cybercriminals as the new academic year commences.
My name is Sarah Richardson. I'm a former CIO for several healthcare systems, most notably within HCA and Optum, and now president of the This Week Health 229 Executive Development Community, where we host a set of channels and events dedicated to transform healthcare And today I am joined by Bill Russell.
Hey Sarah, how's it going?
It's going well, and I'm excited to talk about this article specifically because you don't necessarily think about educational institutions being a target for cyber criminals and why that matters in healthcare and in IT. But as we think more about this, they're becoming targeted more and more often, and it's prompting concerns over data security and privacy.
What we're finding, truly, is the rise in remote learning and digital resources has expanded the attack surface for hackers, and they're exploiting these vulnerabilities within school networks. So as we think about experts emphasizing the need for robust cyber security measures, And staff training to protect sensitive student institutional data from potential breaches.
This is a big deal because they've driven by 37 percent and 41 percent incidents are a result of social engineering tactics like manipulating individuals into divulging sensitive information. What are some of your thoughts on this?
A little known fact I, by the way, the biggest, most exciting thing about this is for the first time we're talking about someone else being the target instead of healthcare.
So yes, for me that's one of the, that's one of the pluses from this a little known fact. I was a CIO for an academic institution, not an academic medical center, an academic university and also healthcare. CIOI will say. The hardest thing about an academic institution is students.
When you think about this next generation, from a privacy standpoint and a security standpoint, from a privacy standpoint, they look at privacy very differently than the generations before them. Now the baby boom generation, Quite frankly, didn't have to think about privacy. They were worried about their mail being stolen or something to that effect.
I'm, I don't mean that in a derogatory standpoint, but literally they didn't have online until much later in their life. And for, my generation, our, my first computer wasn't until I was, I think, 12 years old. And so that was my first computer. But my daughter, my youngest daughter had an iPhone by the time she was nine.
I think, she's on there at nine. She's writing her papers, her term paper in high school. She's writing it on her phone because it was faster. And I was talking to somebody the other day, they're like, writing their term paper. I now dictate my term paper into the computer and it, it essentially will transcribe the whole thing.
Like they, the keyboard, and we've wanted this for years, but the keyboard will go away. All right, all that to say, very different views of what privacy is. The way this applies to healthcare is, we have all of those generational categories in our organization with different profiles of how they look at security, how they look at privacy, how they think about things.
The reason this is hard for an academic for a university or college first of all, you have a transient population. Every year you get a whole bunch of people, you have to educate them on this stuff, and you think they know it and they don't. And they're willing to give away their credentials because they are not well educated, so you have to educate them from the ground up.
I think that's one of the commonalities here is large, diverse population sets across generation that view this whole thing. And sometimes the younger generation doesn't even view it as a problem.
You think about even when I was in college, our test results were posted by social security number on the outside of the door to the classroom.
And it wasn't, I get, it was a long time ago, but it wasn't so long ago that seemed normal at the time. But think about. Some of the spaces where schools and universities, they manage all of that personal research and data that's really important for people to be thinking about early. And the limited budgets make it really hard to have robust cyber security measures.
You just said something which is really important, which is, they track things by social security number. One of the reasons healthcare was attractive to these cyber criminals is you had one record that had all of this robust information. But it turns out they're looking at it going, I don't really care about your x rays.
I don't really care. There's a lot of extraneous information. The the student record also has a, it's fairly rich in terms of its information and its financial data and the financial data about the parents and social security numbers of, if not handled correctly. It could be a treasure trove for these criminals.
Absolutely. And we think about having students in STEM programs. And I just want to add the C to STEM. You've got the science, technology, engineering, math, and cyber. Because already by the time you're getting into college today, you probably have digital crumbs all over the internet. Your presence is well known.
If you've grown up with social media, Then you have yourself everywhere and really thinking about how you protect yourself as you go into greater aspects of your life, whether that's going to be having a credit line, having a credit card, having these things available to you. You go into these leadership roles and you think about a really good parallel in healthcare.
Recognizing similar vulnerabilities where sensitive data and critical operations are at risk is important. And the cybersecurity investment. If healthcare IT leaders think about robust defenses against ransomware and phishing like those targeted at educational institutions, it's an additional layer of awareness and protection in an industry that many of these students may end up in that they're not necessarily majoring in today.
So what?
I think about the so what is if you've got kids in any age or you're spending time with university students or you're going into these different. Venues, being able to really share the impact on the personal aspects of your life and how it carries over into professional because the lines are blurred completely.
It's another audience that's really important to make sure that they have what they need to keep themselves and their organizations safe.
Yeah, I, my, my so what on this is. We need to think like Hollywood producers. You're going to educate people on this, and you're going to be educating them for the next 100 years.
As long as you're in a healthcare leader in IT, you are going to be educating people for forever on this whole on privacy, security, compliance. So you might as well think like a Hollywood producer and get really good content, video content, that's You know, self paced, people can go through it however you want to do it.
But it needs to be high quality, funny if you can. If you notice, I don't know if you notice this, but you get on planes now and it used to be they had these videos that were in the plane and it was whatever. Now they're they're entertaining. They still have the same concepts.
They're not necessarily in a plane. They're just better. They're better education. They're better at remembering the content. So I would think like a Hollywood producer, get that content made. Make it funny. Make it great. Maybe you just buy it. Maybe somebody's already done it, but you're going to use it.
You're going to use it from now until the day you retire.
Yeah and you must be flying Delta because they do have humorous videos on how to get on and off their planes safely and effectively.
Yes, unfortunately I am flying Delta.
Thank you for your perspectives on this. And absolutely. Remember to share this podcast with a friend or a colleague.
Use it as a foundation for daily or weekly discussions on the topics that are relevant to you and the industry. They can 📍 subscribe wherever you listen to podcasts. That's all for today. Thanks for listening.