Informatics Research Seminar: Cyber Security Trends in Healthcare: Threats, Regulations, and Best Practices

January 15 @ 4:00 – 5:00 pm

Speaker: Chuck Kesler, MBA, CISSP, CISM, PMP
Presented from Duke University


Broadcast Link: Seminar


Over the past decade, information technology has been transforming how healthcare is delivered. While the move to electronic health records promises to greatly improve the healthcare experience for providers and patients alike, it also introduces a new set of challenges around securing this vital information from malicious and accidental disclosures. And like the transformation in healthcare, cyber security threats have also been evolving, with increasingly sophisticated attack methods that are often difficult to detect. Unfortunately, all healthcare organizations are under attack, and the challenge is to find a balance of security controls that protect the data while still enabling providers to effectively care for patients. This talk will examine how and why healthcare information is targeted by attackers, how the cyber security threat landscape has affected legislation such as HIPAA, Meaningful Use, and the Final Omnibus Rule, and how everyone in a healthcare organization has a role to play in protecting patient data.


As Chief Information Security Officer (CISO) for Duke Medicine, Chuck Kesler leads the organization’s Information Security Office, which provides information security services for all Duke University Health System entities, as well as academic departments, centers, and research institutes in the University’s Schools of Medicine and Nursing. He is responsible for establishing and managing all aspects of Duke Medicine’s information security program, including security strategy and governance, IT risk management, security policies, security awareness, vulnerability management, security event monitoring, and incident response. He also collaborates closely with the University’s IT Security Office to ensure a tight alignment between the Duke Medicine and University information security programs. Chuck has over 25 years of information technology and security experience. Prior to joining Duke Medicine in November 2011, he served as the senior manager for Symantec Corporation’s Security Advisory Services consulting practice in the US. In this role, Chuck managed a team of over 15 security professionals who provided strategic security assessment and management services for large enterprise clients in a variety of industries, including healthcare and life sciences. His previous roles have included IT management and technical leadership positions with MCNC, which operates the North Carolina Research and Education Network (NCREN), North Carolina State University, and Interpath Communications. Chuck holds an MBA and B.S. in Physics from North Carolina State University, and is a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Project Management Professional (PMP).