From the bedside to data centers, healthcare requires teamwork to ensure the highest quality of care. This has become increasingly clear when it comes to securing valuable healthcare data.
As vice president of IT at Fountain Valley, Calif.-based MemorialCare, Kevin Torres also oversees the chief technology officer and CISO functions. Through key partnerships, Torres and his team have strengthened cybersecurity at the organization. At MemorialCare’s Technology and Training Center, they can also now test solutions that enhance care.
“We concentrate on the fundamentals,” Torres says. “We react quickly to the changing environment from a cybersecurity standpoint. If we see a threat and there’s something that we can do about it, we act immediately and quickly.”
Torres discussed MemorialCare’s cloud journey and what makes security partnerships a transformative asset in healthcare.
WATCH NOW: CDW helps MemorialCare protect its valuable healthcare data.
HEALTHTECH: How are you validating your cybersecurity program as a whole?
TORRES: We like to compare ourselves with our peers in the industry. Sometimes it's just by conversing with other organizations; other times, it's participating in national benchmarks, such as the annual benchmarking sponsored by the American Hospital Association. That gives us a good evaluation of how we stack up to our peers. What are we doing right and where can we improve our cybersecurity posture? Our partner, because they have a line of sight into so many different healthcare organizations, can also evaluate how we stack up to our peers.
HEALTHTECH: How is your organization adapting to the ever-changing cybersecurity landscape?
TORRES: We take a fundamental approach to our cybersecurity program. We follow the National Institute of Standards and Technology framework like most health systems do, but we concentrate our efforts on the basics. We monitor our systems to make sure that we have a really good program, to make sure that we’re capturing all of those events, and then we have a 24/7 security information and event management (SIEM) system that allows us to manage that remotely and constantly throughout the day to see if there are any adverse events that occur.
There are always opportunities for improvement, but I think we have a solid staff and a good cybersecurity program based on leadership. We concentrate on our cybersecurity not from a technology solution standpoint but from the standpoint of overall risk to the organization.
We use recommendations from CDW when it’s saying, “Hey, look at what’s going on in the industry. You might want to implement these tools or these processes.” We listen carefully and then we implement, and we don’t mess around. I think that our reaction time is what keeps us at the forefront of having a very strong cybersecurity program.
Click the banner below to dive deeper into zero trust and its benefits for healthcare.
HEALTHTECH: What are the benefits of working with a partner on cybersecurity?
TORRES: We not only have a technology center that is equipped with state-of-the-art equipment, we also have a valuable partnership. Our partner is a trusted adviser that supports me in my role, putting in the tools, processes and projects that help protect us from ransomware attacks. They know how our ecosystem works. They’ve worked with us for years now and are also deeply ingrained in how we manage the day-to-day operations of our backup, our restoration and how we manage our servers – all of our environments.
HEALTHTECH: What aspects of the partnership stand out?
TORRES: Our partner provides the necessary expertise to tackle cybersecurity from a healthcare perspective. Healthcare organizations have a different core competency compared with other industries. At the center of our work is patient safety. Our partner clearly understands that, because they work with healthcare organizations across the U.S. That gives us a great advantage.
I’m engaged with our partner at all different layers and levels, from network infrastructure and the design of the cloud infrastructure to the data centers and all of the core ecosystems that allow us to deliver applications across our enterprise.
The team that we work with is very communicative. For instance, Marty (Momdjian, a CDW Healthcare strategist) gathered our cybersecurity team and gave us a briefing on what’s going on with some of the ransomware events that have been occurring across the U.S. He brought that intel to our team and said, “Have you fine-tuned this? You might want to look at your SIEM. You might want to look at how you're controlling your desktop. Here are some things that we learned from this ransomware event that you could probably apply here.” That's valuable intel that we wouldn’t have access to without a partner who can bring up those action items and meet directly with our team to help us solve those problems.
I know I can reach out to Marty anytime and say, “I heard what’s going on at this institution,” or “Something happened here. Are we flat-footed? Do you see any vulnerabilities, any correlation that we should implement?” And Marty will respond with key actions we can take, such as conducting a social engineering exercise to make sure that we have our help desk properly prepared. I can reach out at any time and get an immediate response. That’s how we work together.
RELATED: Cook Children’s begins cloud migration journey with disaster recovery.
HEALTHTECH: How is your partner involved in your cloud journey?
TORRES: In terms of cloud infrastructure, our partner is our go-to company when we want to send our workloads for various applications to the cloud. We already have systems set up. We have our air gap backup in compliance mode, where we take a complete copy of our electronic health record, all of our important data, and we send it off to the partner’s data center. We use the cloud for that. If we ever have to bring our systems back up and have to go back to bare metal, we can take that unencrypted backup and move it into our systems. We’ll leverage CDW in order for us to recover, because CDW knows our data center, our ecosystem and our network.