Endpoint Security: Managing the Impact on Clinical WorkflowCISO Dave Summitt of H. Lee Moffitt Cancer Center Describes His Approach
When implementing endpoint security solutions in healthcare environments, a critical consideration is the impact of the technology on clinical workflow, says Dave Summitt, CISO at the H. Lee Moffitt Cancer Center and Research Institute in Tampa, Florida.
For example, When Moffitt implemented a new anti-malware solution several years ago, Summitt's team quickly learned that running the software on systems used by radiologists for reading medical images significantly slowed down performance, Summitt explains in an interview with Information Security Media Group
"When AV [anti-virus software] is put on a machine, you can put it in a very active mode of scanning everything that it does, including any data transferring that's going on with the machine," he notes. "But when that occurs, it slows the machine down because the AV software has to look at every bit coming across to make sure it's good. That inherently is going to cause interruption."
To address the issue, Summitt implemented a virtualization security solution from Bromium that eliminated the need to use anti-malware on the radiology endpoints. "This basically operates in a virtual world itself and can stop anything going onto the network, or elsewhere into the machine," he says. The change "helped us with the speed problem. ... Radiologists were back to reading normally."
The organization now is considering removing anti-malware solutions from other endpoints in favor of virtualization, he says.
But that could prove challenging. That's because the anti-virus software that's being used now at Moffitt "has other endpoint protection in it, so it's not easy to go pull anti-virus off and replace it ... because of the other things my anti-virus product suite can do that I don't want to extract."
In this interview (see audio link below photo), Summitt also discusses:
- How Moffitt's virtualization security solution works to protect its radiology endpoints;
- Other critical endpoint security challenges in healthcare settings, including those involving medical devices;
- Promising security technologies being examined at Moffitt, including artificial intelligence and blockchain.
Before becoming CISO at H. Lee Moffitt Cancer Center and Research Institute, Summitt spent 21 years at the Department of Defense, where he held various roles, including the Naval Sea Systems Command's technical representative for a major missile defense program, security data custodian, information systems security officer, data and configuration manager, and change control chairman for several military programs.