Twelve percent of ransomware attacks are aimed at the healthcare industry. As the IT conversation homes in on these risks, Kristin Myers, CIO at Mount Sinai, shared her plans for healthcare IT cybersecurity, digital solutions, and the patient experience.
Ransomware attacks are not minor inconveniences for health systems; recent successful breaches have taken down organizations for the better part of a month, if not longer. Systems should both reduce the attack surface and have a plan for incident response, according to Myers. Downtime after a breach averages approximately 23 days, a duration that many response plans do not account for.
At Mount Sinai, the system has begun to work towards an effective, long-term cyberattack response plan. According to Myers, they have begun to prepare backups and conduct tabletop exercises with executives to prepare.
Myers also emphasized overall healthcare IT cybersecurity programs. Mount Sinai recently brought in a new CISO, Rishi Tripathi, from outside the healthcare industry. Currently, he has been assessing Mount Sinai's program maturity and governance. According to Myers, the healthcare industry has fallen behind other industries in cybersecurity maturity. This has made outside expertise and insight a valuable resource.
According to Myers, the CISO and Chief Risk Officer have together used an enterprise risk management framework at Mount Sinai, in which they have listed cybersecurity as a major risk. A governance structure of consistent meetings, reports, and committees has brought more awareness of and support for preventative measures.
"I have to say everyone is extremely supportive of the cybersecurity program. I think it's a journey. There's no perfection with cybersecurity and it's a maturity journey that everyone is on," she explained.
According to Myers, recent digital solutions have come together to create a seamless and frictionless patient experience.
"Our patients are really used to being able to have very easy experiences in other sectors, whether it's retail or entertainment and we need to be able to bring that to healthcare," she explained.
Knowing this, Mount Sinai began looking for solutions like CRM, referral management, texting solutions, and more. The goal is to provide strong, unfragmented patient experiences. This has proved challenging, as it has been difficult to bring the experience together. According to Myers, it has been a slow process.
Mount Sinai determined their priorities from a combination of operations, clinical informatics, digital governance, and outpatient experience teams. Additionally, having direct patient input for digital solutions is an invaluable resource.
Additionally, Myers has shaped her philosophy for build versus buy. She explained that determining useful solutions starts by going back to the application portfolio. By identifying existing functionality and the enterprise roadmap, a team can identify if there is a point solution or if one must be built.
One example is text-to-chat for patients and physicians. The My Mount Sinai application will begin to integrate this digital solution after the team discovered that one of their existing applications already had the functionality for it.
Innovation is expected of an academic medical center. According to Myers, the Dean of their institution has newly appointed a department head for a division focused on artificial intelligence. As CIO, Myers has begun collaborating with the division on AI imaging. By combining clinical, claims, and social determinant data, there is a way to pinpoint outreach efforts for patients.
Currently, there are predictive models in place, and there is a desire to continue expanding the system's clinical data science team.
According to Myers, the system has begun to build an enterprise data strategy. This will serve as a foundation, providing additional self-service tools for groups across the health system.
"I think that we have a lot of data assets at Mount Sinai but we want to bring them all together and, as a research institution, make it easier for our researchers to get access to the data appropriately," Myers said.
Mount Sinai has begun to look across data centers post-pandemic to prioritize consolidation and an overall cloud strategy. According to Myers, there is a need for a multi-cloud strategy to provide various tools for genomics. The system will continue to stay multi-cloud. It has begun analysis to select a primary vendor onto which to transition a majority of its business and clinical applications.
Myers included data center facilities, cloud strategy, business continuity, and disaster recovery as upcoming priorities.
Beyond this, there are other transformation programs currently in the works. Mount Sinai now has HR payroll live on Oracle Cloud. Therefore, the system must move forward with financials, supply chain, access, and hospital billing. This has been a significant undertaking, according to Myers.
As they continue to roll out Epic, Mount Sinai has begun considering a unified communications strategy for its nurses and corporate team members. According to Myers, the cloud could potentially replace a number of telephones to streamline the number of devices.
"There's a lot going on. I'm sure there are at every institution. But again, cyber and digital are up there, as well as our enterprise data strategy, which we've been very much focused on and got funding for," she said.