In this HIMSS TV interview, Roger Neal, Vice President and Chief Operating Officer of DRH Health, joins Healthcare IT News Senior Editor Andrea Fox to discuss the cybersecurity challenges facing rural and regional healthcare systems. Neal shares how DRH Health has evolved its cybersecurity program, addressed resource constraints, and built greater organizational awareness to better protect clinical operations and patient data.
Andrea Fox: Hello and welcome to HIMSS TV. I’m Andrea Fox, Senior Editor at Healthcare IT News, a HIMSS Media publication. Today on HIMSS TV, I’m joined by Roger Neal, Vice President and Chief Operating Officer for DRH Health, a regional hospital system in Oklahoma. He is here today to discuss how healthcare organizations can reduce their cybersecurity Acute care hospitals and 20 clinics increased its controls over the past few years.
Welcome to HIMSS TV, Roger.
It’s great to have you here.
Roger Neal: Thanks for having me, Andrea. I appreciate it.
Andrea Fox: Let’s just jump right in. Software vulnerabilities pose a persistent and pervasive threat to highly targeted healthcare organizations. Can they get ahead of the challenge?
Roger Neal: You know, I would like to tell everybody that I think we can get ahead of the challenge.
The healthcare industry is so complex and there are so many systems inside our hospitals and our clinics that we depend on other people. It’s very, very difficult to get ahead, but there are ways that we can at least get even. And I hope with changes in the industry over the next few years that maybe we can get ahead, but it’s a long road.
Andrea Fox: Thank you for that. Smaller organizations are especially vulnerable to cyber exploits. Can you please tell us about DRH Health and how it evolved its defenses after facing breach incidents?
Roger Neal: Sure. I think especially in the rural markets, our biggest challenge is really two things, right? You have resource allocation for most IT departments, and then the expertise in kind of that cyber field are both unfortunately lacking.
it is very difficult as you get out into rural markets to really compete and be able to do those things. But, I think our position has always been, as we’ve changed and we’ve done things to secure our defenses, is that we really needed to go to market and find a better way to do this. Again, the complexity that we have in every health system, every hospital across the country only increases exponentially every year. So I think for rural communities, all hospitals, the way to get out there is to really go out and search and try to find a partner that can help you.
There aren’t enough security personnel, security staff in the country to do everything we need them to do. But there are some really good firms. We actually picked up a firm, Clearwater. They have helped us kind of revamp our entire cybersecurity program. They also monitor a lot of our equipment 24-7, help us kind of have some secondary eyes. while we’re doing other things. I know out of my IT group, they’re overwhelmed.
They have projects, we have updates, they have patches and equipment and having that extra set of eyes that can look over and really watch and look at the background and see what’s going on is pretty amazing. I think for smaller organizations that don’t have the talent, that’s the best direction to go is to really to look out there and find a partner that meets your needs that can provide that backup support.
Andrea Fox: Can you tell us a little bit more about that? What were the overall impacts on the organization?
Roger Neal: So for us, as we hired Clearwater and they came in to look at the organization, one of the approaches that we took with them was to really sit down and say, hey, we know we’re not going to be perfect, and there are blind spots that we can’t see, that’s why we hired you. We want you to come in and really take a look at what are we doing well, what are we’re not doing well. And then the things we’re not doing well, I want you guys to help us figure out how do we do it and we do it the best possible way we can, giving all the other, restraints that we have in the industry.
So from an organization standpoint, they did that, they brought people in and we sat down with our IT group. We sat down with other managers. We developed a comprehensive plan of, these are all the systems that we use. These are the things that are critical to the organization. We laid out, the different tiers of how we want, things to be recovered.
And overall although it seems like a really huge lift and it is a really huge lift to change your whole cyber program. It was very, very good because we had the opportunity to bring in all of those clinical staff and those clinical leaders and have them sit with us and understand this is why these things are important. So I think for us, as we went through that, it really helped us bring the organization together.
So I think today we have a much higher awareness, a much higher understanding of, hey, these are real threats. These are things that are actually truly happening in the market. within the walls of DRH Health. Everybody understands their role and what they’re supposed to do and why certain things are important.
And that has been a tremendous help to our IT team as we continue to roll out projects and do things.
Andrea Fox: Thank you Roger for oyur candid insights we really appreciate that
Roger Neal: Sure, thank you.
Andrea Fox: And thanks to you for tuning into HIMSSTV we’ll see you next time.
