12.04.2016 Views

THE IT&S 2015 ANNUAL REPORT


Response to and Recovery from Potential Threats and Incidents

Responding to potential threats in a timely manner is vital to limit or contain the impact of incidents, and the Information Protection team made some impressive strides this past year in preparing for danger.

Key accomplishments in 2015 included:

• ESTABLISHING A BREACH RESPONSE FRAMEWORK AND PROCEDURES TO HELP BUSINESS, LEGAL, AND IT PERSONNEL RESPOND IN THE EVENT OF AN INCIDENT

• DEVELOPING A MATURE REPORTING PROCESS RELATIVE TO HCA’S CYBERSECURITY INSURANCE COVERAGE

• PERFORMING INCIDENT RESPONSE TEST EXERCISES TO IDENTIFY OPPORTUNITIES FOR IMPROVEMENT

• UPDATING EMAIL RETENTION GUIDELINES AND TRAINING

Protecting Our Patients, Our Staff, and Our Name

Paul Connelly, VP and Chief Information Security Officer, visited divisions in 2015 to paint the very complex and textured picture of information protection for division and hospital leaders. The number of facilities, systems, users, vendors, and volume of data to protect is massive, making our risks for compromises especially high. The primary goal of the Information Protection team is to protect HCA’s patients, staff, and company’s reputation.

This won’t be accomplished, though, without everyone’s diligence and vigilance. That’s why it’s the responsibility of each and every workforce member to:

• RECOGNIZE THAT THE RISKS ARE REAL. THE EXTERNAL AND INTERNAL THREATS ARE INCREASING. CONSEQUENCES FROM BREACHES COULD BE CATASTROPHIC FOR OUR PATIENTS AND COULD BADLY DAMAGE THE REPUTATION OF OUR FACILITIES AND ORGANIZATION.

• PROTECT THEMSELVES AND THEIR FAMILY. FROM PHISHING EMAILS AND PASSWORD PROTECTION TO SOCIAL MEDIA USE AND TRAVELING SAFELY, EMPLOYEES ARE ENCOURAGED TO KEEP CURRENT ON WHICH ACTIONS WILL PROTECT THEM AND WHICH ACTIONS WILL PUT THEM AT RISK.

• INCORPORATE THESE SIX WORDS INTO DAILY ROUTINES AND DECISIONS: “HOW WILL OUR INFORMATION BE PROTECTED?” ALL EMPLOYEES MUST MAKE INFORMATION PROTECTION A PRIORITY WITH TEAM MEMBERS AND VENDORS. THEY’RE ALSO ENCOURAGED TO CHALLENGE THE “WAY WE’VE ALWAYS DONE IT” AND ENGAGE INFORMATION PROTECTION WHEN NECESSARY.
