PIKEVILLE – Large corporation security breaches are making headlines almost weekly. Pikeville Medical Center (PMC) is on the cutting edge of technological operations, protecting patient and employee data from outside intrusion, better known as hacking.
While other health care facilities in the nation have suffered security issues or ransomware attacks, PMC remains secure.
“We have several security applications and policies related to protecting patient information,” explained Tony Damron, PMC Chief Information Officer and Senior Vice President of Information Systems (IS). “While no organization can ever be bullet proof when it comes to attacks, we have implemented tools that allow us to handle incoming email and control internet usage in a way that protects PMC records as much as possible. I can’t say that PMC will never have a breach or security issue, but I can say that we have a team of people with eyes on security every day.”
Damron explains that PMC’s steadfast security is a direct reflection of the procedures implemented to protect the hospital. His department uses tools every day that are designed to protect all information in an organization.
“We also do penetration testing from inside as well as outside the organization to find any issues that we may need to address,” said Damron. “The PMC board of directors is also very interested in the attempted attacks on PMC and we report information to them quarterly.”
The IS department also goes to great lengths to train all PMC employees on safe internet and email usage, to safeguard their personal accounts against outside intrusion and to defend against fraud and phishing scams.
“We do phishing simulations, by sending out fake emails with indicators that it’s a bad email. When an employee clicks on that link, we are notified that they failed the simulation and they have to attend a refresher course on what they should and should not be looking for,” said Steve Endicott, PMC Information Security Officer. “We also do a class for all new hires and an annual computer based training for all staff on the importance of information security.”
Damron attributes a great deal of the success of his department’s security measures to end user communication. All employees are frequently reminded how important it is to be cautious when using the computers that are required to do their jobs every day.
“The number one way to infect and access any system is people,” said Chad Phipps, PMC Information Systems Technical Director. “We could have all the best systems in place, but if employees are still misusing the internet and email, it threatens our security. The best thing to do is educate your staff.”
No system is impenetrable, and the mere fact that so much equipment and so many devices are connected to the PMC network pose potential risks.
“There are 7000 pieces of PMC equipment attached to our network, not including cell phones. When you factor in hospital visitors and staff cell phones, in reality, there are about 11,000 things attached to our network every day,” said Phipps. “Testing the strength of our system is necessary.”
Endicott says he tests for vulnerabilities from inside and outside the hospital network every day.
While defending the hospital against outside sources is only a small part of the IS department’s responsibilities, it’s an important topic that gets a lot of attention.
“It is something that is in the front of our minds every day. You see it in the news all the time,” said Damron. “What we really try to do is put the tools in place to prevent the worst from happening.”
Security is one of the hot topics in healthcare today and is at the front of any electronic initiatives. Data must be protected using the best means possible.
“In the past, users could just download software onto your computer here at work that they wanted to install. Now, when you try to do that, our systems prevents it,” stated Damron. “You have to give a reason why you need this software and the request goes to security to be approved or rejected.”
All of these network monitoring activities and security innovations take place in the newest PMC campus expansion – The Data Center.
