A carefully honed zero trust approach can allow healthcare entities to reduce pushback from clinicians while still “raising barriers appropriately” to prevent security incidents, says Dr. Eric Liederman, director of medical informatics of The Permanente Medical Group and national privacy, security and infrastructure leader of The Permanente Federation.
“Zero trust is a fascinating area where there is a lot of innovation,” he says in an interview with Information Security Media Group conducted at a recent HIMSS cyber forum in Boston. “But I think it is thought erroneously by many people that we’re hunkering down … and not trusting anything or anybody, and assume everything and everybody is an imposter trying to harm us,” he says.
“The vast majority of transactions and interactions are legitimate,” Liederman says. The promise of zero trust in healthcare is to lower friction for clinicians so that they can easily and securely access critical patient information when needed, while still safeguarding data with additional protections when such access attempts appear suspicious, he says.
In the interview, Liederman also discusses:
- Ways to reduce clinician friction and increase organizational support in healthcare data security initiatives;
- Incident response issues in ransomware attacks;
- Why the CISO often takes on the role of de facto CEO at some healthcare organizations following a ransomware attack.
Liederman, an internal medicine physician, serves as director of medical informatics for The Permanente Medical Group and national leader of privacy, security and IT infrastructure for The Permanente Federation. In these roles at Kaiser Permanente, which serves over 12 million members across the U.S., he is accountable for privacy and security, IT investment, large program governance, and IT infrastructure delivery and resilience.