Ask an Expert: Barbara Giacomelli Talks Cybersecurity

A conversation sheds light on the importance of cybersecurity for hospitals and health systems.

By McKesson Health Systems Editorial Team

Read time: 3 minutes

Ask an Expert: Barbara Giacomelli Talks Cybersecurity

From the recent Colonial Pipeline ransomware attack that halted systems to the more than dozens of data breaches over the 21st century, cyberattacks are a growing threat across industries. Health system and hospital pharmacies are no exception. In a recent Q&A, we sat down with Barbara Giacomelli, vice president of Advisory Solutions for McKesson Pharmacy Optimization. In this conversation, she shares insights on the importance of protecting systems from cyberthreats and key considerations to lessen system vulnerability.

Q: 2020 brought about significant shifts in day-to-day work. Can you shed some light on that change for hospitals and health systems?

A: Many people began working remotely. That brings its own challenges such as whose phone you use for communication and accessing system data for patient interactions. That flexibility also brings potential for increased information sharing through actions like taking computers home and potentially using personal cell phones. Hybrid and remote work environments during the pandemic have likely led to more data sharing beyond the walls of the hospital, which, in turn, can make systems more vulnerable to cyberattacks.

Q: Can you speak to the difficulty that comes with managing data and securing it at the same time?

A: It’s a challenge. When we meet with our customers about what they’re facing every day, that always comes up. How can they manage their data and use it to the best of their ability to provide care for patients or strategically plan for what’s next? It’s always asked about, and data comes in from multiple sources. Even when you have a fully integrated electronic medical record, there are still other sources, and it’s integral to have security along the way. You don’t want someone’s private health information or personal information getting in the wrong hands. The systems contain quite a bit of information about a patient, so you need to be secure and have access, but more importantly be able to keep operating despite disruptions.

Q: How can health systems start with securing system data?

A: The IT department is critical in a healthcare organization, and they spend a fair amount of time making sure the system is secure with redundancy – a backup to the backup. The team focuses on controlling the system in a way that blocks access from outside sources. From a healthcare leadership perspective, it’s part of the organizational budget, but you need to have a plan in place to prepare for emergencies and what the hospital or health system’s position will be. Some organizations have had to pay a ransom to get access to their data and others have decided not to, so it’s important to be prepared for any potential impact.

Q: What areas are critical in protecting health systems against cyberthreats?

A: There are a few ways to go about safeguarding your systems. You first want to maintain the latest software. This includes antivirus, anti-malware software and firewalls. The more current your software is, the lower the risk of attack to your system. Additionally, health systems want to assess risk by consulting with a cybersecurity expert. Through an assessment, they can identify gaps and arm themselves with the solutions needed to strengthen their systems and better prevent hackers from exploiting vulnerabilities. Finally, do your research and look for the warning signs early by identifying potential new vulnerabilities. Doing so could help prevent system insecurity.

Visit our page to learn more about McKesson Health Systems and resources.