Watch CBS News

Health Info Network Adds Security Services, Names Chief Security Officer

EAST LANSING -- The Michigan Health Information Network Shared Services has announced statewide "Shared Security Services" for Michigan health information organizations to increase the security and privacy of the personal health information they are responsible for protecting under HIPAA and HITECH federal laws.

MiHIN's shared security services include security/threat assessments, penetration testing, social engineering/testing, and security awareness training.

"Our security tests go beyond a pass/fail checkbox like a typical SAS 70 or SAE-16 audit," said MiHIN associate director Jeff Livesay. "Instead, our certified ethical hackers mimic the behavior and techniques of real-world bad guys and we unobtrusively try to find security holes or vulnerabilities in an organization, and then we immediately work constructively and confidentially with the organization to remediate any issues or weaknesses. MiHIN helps organizations identify holes before the real hackers find and exploit any weaknesses resulting in a costly breach."

Bingham Farms-based Ingenium LLC, one of Michigan's six sub-state Health Information Exchanges, recently took advantage of MiHIN's Shared Security Services.

Said Ingenium President John Vismara: "At first we were reluctant to undertake the MiHIN Shared Security Services assessment, but after learning how thorough and confidential the MiHIN assessment would be, we signed up for complete penetration testing, social engineering, and security awareness and training. The MiHIN assessment is the most thorough and current security testing we have undertaken and includes the latest real-world threats that real hackers use. The MiHIN security team is thoroughly professional and discrete in conducting the tests and follow-up briefings with our staff, making sure Ingenium received the maximum knowledge transfer and value from the assessment. We learned a lot and became more aware and more secure as a result of the security services introduced to us by MiHIN."

The Michigan State Medical Society recently underwent a MiHIN security assessment.

And Benjamin J. Louagie, MSMS COO, said that "MiHIN's initial probes and scans were extremely stealthy. Although Carl Richards, our director of information systems, was able to detect unusual activity very early due to our security measures, we let the MiHIN testing continue its full course to learn everything we could about potential weaknesses and new threats. As a result of the thorough and extensive after-test debriefing from MiHIN, we were able to identify additional opportunities to increase our security, particularly as it relates to health care and the very latest threats that emerge daily. MSMS is very pleased with the way MiHIN's security testing was conducted confidentially and the value we received."

To support the growth of MiHIN's Shared Security Services, MiHIN also has announced its new security director and chief security officer, Brian Seggie, who comes to MiHIN after successfully directing the security operations at Hyundai North America for the past six and a half years. Seggie's multiple award-winning accomplishments as a proven IT security and organizational leader complement MiHIN's focus and expertise on security.  Seggie has experience working with security and privacy standards in different industries including the automotive and transportation industries and will help add value to qualified data sharing organizations on behalf of MiHIN.

"One only needs to read the daily news let alone the security trade journals to know that health care information security faces ever-increasing threats and challenges as the electronic health care world rapidly emerges," Seggie said. "I look forward to applying my experience from establishing highly secure systems in other industries to help improve Michigan HIT security statewide with MiHIN to help organizations achieve the most secure level possible for Michigan families and their private health records."

Dan Lohrmann, chief security officer for Michigan state government and leader of the state Cyber Security Task Force, said: "Michigan's Cyber Security Task Force supports MiHIN's efforts to afford Michigan residents the highest possible security for their personal health information and we have played an active role in MiHIN's security and privacy working group from the start" and said further "MiHIN treats health information security very seriously."

Added Livesay: "MiHIN has placed a very high emphasis on security and privacy throughout 2012 and by adding a world-class individual like Brian Seggie to our strong professional technology team we are stepping up our game for 2013 and beyond. Brian will help MiHIN offer consistently first class Shared Security Services to all of our data sharing partners and to healthcare organizations."

The Office for the National Coordination for Health Information Technology has recognized Michigan for its focus on privacy and security.

For more information please contact security@mihin.org.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.