Interview: Jackson Health System's information security chief outlines strategic security strategies
For over a decade, Jackson Health System has been leveraging a behavioral analytics solution powered by AI to enhance its operations. This technology, a key component in the system's arsenal, aids in improving accuracy and efficiency, particularly in repetitive processes.
The health system's embrace of AI, however, comes with its own set of challenges. As organizations worldwide increasingly rely on AI, there's a growing trend of users relying on these systems to bypass controls. This expanded risk profile, coupled with the move to the cloud and a decentralized architecture, necessitates a strong focus on identity and access management.
Connie Barrera, the Chief Information Security Officer (CISO) at Jackson Health System, underscores the importance of understanding risks before deploying new solutions. She emphasizes the need for a robust identity and access management solution, especially for privileged access management, which is pivotal in the system's zero trust strategy and managing identities across the board.
In light of the increased focus on healthcare as a target for attacks, the FBI and the Cybersecurity and Infrastructure Security Agency have issued warnings. To counteract this, Jackson Health System has implemented several security measures. Monthly control audits and Active Directory credential validations are automated, ensuring a proactive approach to security.
Privileged access management is not the only area of focus. Jackson Health System is also working on communication and outreach to regulate the acceptable use of AI, patient privacy, and prevent data from wrongful exchange. This includes efforts to shift policies to accommodate the use of AI, acknowledging that employees may use it off the network.
Security training is another crucial aspect. Despite it often feeling like a burden for clinicians due to their busy schedules, Jackson Health emphasizes its importance. The system has achieved 100% compliance with the yearly security awareness training required for all employees.
Involving other stakeholders in security responsibilities is also key at Jackson Health. This is achieved through face-to-face meetings, committees, and "road shows". By connecting security priorities with patient care, the system ensures that everyone understands the importance of their role in maintaining a secure environment.
The Internet of Medical Things (IoMT) is an area that requires more vigilance due to its lack of management in the past. Jackson Health System is not ignoring this challenge. They are working diligently to address the security concerns associated with this technology.
In the face of persistent cyber threats, Jackson Health System has turned to immutable backups for data assurance in the event of a ransomware attack. This, coupled with their focus on zero trust and decentralized architecture, demonstrates their commitment to maintaining a secure environment.
The health system at Jackson Health, with its slogan "making miracles happen", aims to achieve this with AI solutions. Cybersecurity, however, remains a critical concern in healthcare, as the industry is a target for malicious actors. Jackson Health System continues to lead the way in demonstrating how AI can be harnessed to improve efficiency while maintaining robust security measures.
