Department Hosts Cybersecurity Town Hall Alongside U.S. DHHS

William Welch, Julie Chua, Nick Heesters, CIO José Arrieta, Mandy Cohen, Pyreddy Reddy and Sam Gibbs convene at the N.C. State Archives Building for the town hall.

Jan. 27, 2020 -- The North Carolina and U.S. Departments of Health and Human Services teamed up for a town hall on Jan. 22 to educate health care and IT professionals about managing cybersecurity threats and protecting patients.

In attendance from the U.S. Department of Health and Human Services (HHS) were Chief Information Officer José Arrieta; Governance, Risk and Compliance Director Julie Chua; and the Cybersecurity Coordination Center’s Cyber Engagement Lead William Welch. Nick Heesters, Senior Advisor for Cybersecurity from the Office of Civil Rights, was also in attendance. 

Pyreddy Reddy, Chief Information Security Officer with NCDHHS’ Privacy and Security Office, welcomed attendees and kicked off the morning’s events.

“At NCDHHS, we are working hard to make sure all confidential data is protected from cyber threats,” Reddy said. “But we know those threats are constantly evolving and we want to make sure that all of us in private and public health care and IT sectors are aware of best practices when it comes to managing these threats and protecting patients and the people we serve.”

NCDHHS Secretary Mandy Cohen thanked the hard work that individuals like Reddy put into cybersecurity efforts to protect the privacy of North Carolinians. Following her remarks, Secretary Cohen introduced U.S. HHS Chief Information Officer José Arrieta for his opening keynote. 

Arrieta said cybersecurity is crucial to providing accurate health care services and ensuring that patients trust not only their health care system, but their government as well.

“Cybersecurity is about patient safety,” he said. “Interfering in health care and access to health care tears down trust between the people and their government.”

The town hall sessions were geared toward those who would encounter cybersecurity threats most often in their workplace, ranging from health care providers to IT professionals.

The morning session focused on health care practitioners, nurses, administrative employees and those who work on the “frontline” of health care. The session discussed how cyber-attacks can occur in everyday working life and covered the top five cybersecurity threats to the health care industry. They are:

• Email phishing attacks 
• Ransomware attacks 
• Loss or theft of equipment or data
• Insider, accidental or intentional data loss 
• Attacks against connected medical devices

The afternoon session addressed concerns of IT professionals working in health care organizations and discussed the best practices to mitigate cybersecurity threats. Sam Gibbs, NCDHHS Deputy Secretary of Technology and Operations, joined this session to cover topics that are especially pertinent to North Carolina’s cybersecurity.

Jan. 28 is Data Privacy Day, which recognizes privacy and data protection best practices. The U.S. Department of Health and Human Services’ website has more information about aligning cybersecurity efforts in the health care industry as well as cybersecurity materials for health care organizations.

DHHS employees interested in learning more about cybersecurity should contact the DHHS Privacy and Security Office.