As Executive Editor at HealthcareInfoSecurity, Marianne McGee focuses on health data, security and privacy issues that involve everything from federal regulations and medical device security, to patient safety issues and the impact of Artificial Intelligence (AI). This intersection between healthcare, data and security creates a fascinating – yet sometimes frustrating – field for Marianne to cover as she gathers the research and first-hand accounts of those working to protect the healthcare industry as a whole.
On the latest episode of Inside the Media Minds, Marianne and co-hosts Christine Blake and Madison Farabaugh discuss the hot topics, surprising stories and trends in healthcare IT that have stood out in the last 15 years.
The Evolution of Healthcare IT and Security
While AI in healthcare has been around for a long time, Marianne believes some of the technological advancements in this area to be quite encouraging. For instance, newer AI analytical tools are being used to find patient population trends that perhaps were unknown or incapable of being proven until now. On the flip side, Marianne compares AI usage to a chess game as both healthcare entities and cybercriminals race to leverage its capabilities to their advantage.
Beyond the surge in AI usage, ransomware’s real-life impact on healthcare and patients has been a recurring focus for Marianne, noting that true concern unfolds when ransomware attackers begin to “outpace healthcare entities and their ability to prevent, detect and respond to incidents.” She adds there is, unfortunately, still a slowness for compliance within the healthcare industry regarding cyber hygiene and patient record handling, which can be frustrating to observe from the outside looking in as a patient herself. However, increased federal attention to medical device security and HIPAA’s privacy laws in more recent years are promising trends she sees.
To learn more from Marianne’s experience observing the front lines of healthcare IT and cybersecurity, listen to the full podcast below or read the transcript!
Timestamps:
1:00 – Marianne’s Background & Journalism Career Journey
4:41 – Focus Areas and Topics of Interest for Marianne
5:40 – The Impact of AI in Healthcare
8:22 – Patient Safety Concerns from Ransomware
11:59 – Surprising HIPAA and Privacy Observations
14:37 – The Evolution of Healthcare IT
17:44 – Topics Marianne Doesn’t “Prefer” to Cover
19:32 – Marianne’s Most Memorable Story
21:32 – Career “Lessons Learned”
22:50 – Preferred Methods to Pitch Marianne
24:51 – Unique SME Perspectives Marianne Has Heard
27:04 – Joey the Golden Doodle
Miss a past episode of Inside the Media Minds and want to catch up? Check out our past episodes here!
Transcript
Christine Blake (CB): Welcome to Inside the Media Minds. This is your host, Christine Blake. This show features in depth interviews with tech reporters who share everything from their biggest pet peeves to their favorite stories. From our studio at W2 Communications, let’s go Inside the Media Minds.
Hi everyone, this is Christina Blake, the host of Inside the Media Minds. I am joined today by a co-host, Madison Farabaugh, one of my colleagues here at W2 Communications. And we are so excited to welcome Marianne McGee here to the podcast. Marianne is the Executive Editor and journalist covering health data security and privacy issues at Information Security Media Group (ISMG). Great to have you, Marianne. Thanks for coming on.
Marianne McGee (MM): Thank you for having me.
CB: All right. So we are so excited to learn more about your background. I know you’ve been covering jeez IT, and cybersecurity and technology for about 30 years and focusing on Healthcare Information Technology for about 15 years. So I’m sure you have a wealth of experience and knowledge on this space. How did you get your start, and if you can give us a quick overview of your background, that’d be really interesting.
MM: Sure, I actually started out as an education major, and this is like, I’m not gonna say the year, but it was a long time ago and then wound up changing majors into journalism. Because at the time when I was majoring in education, you know, there was 20 teachers and too few kids. There were, you know, all the advice I was getting was, yeah, you don’t want to go into teaching, there’s no jobs. So it but at that time, I actually was at college and started to work at the student newspaper. And that’s what sort of got me interested in, you know, kind of switching majors. And, you know, focusing on journalism, and you know, long story short, you know, once I graduated from college, I did the, you know, the typical stint that many journalists do, you know, covering, like community sort of news.
I was on a weekly, many of my colleagues generally, you know, spend some time at dailies. I kind of skipped that, but ended up working at a an accounting magazine for a while in New York City, and it was deadly boring. And they had me basically doing filing work. And I was there for like three weeks when I got a call from a company called CMP Publications on Long Island, which was located like five minutes from where I lived, and where I had, you know, grown up on Long Island. I’m like, “Oh, why are they calling me?” And I hadn’t remembered. I just remembered at that point that oh, God, I did, I sent a resume there. I had seen an ad in Editors and Publishers, I think, I don’t even know if that magazine’s still around and had applied for a job there for some pilot program that they were starting at the time, where they were taking four recent college grads and having them kind of rotate on some of their computer magazines. And I’m like, “Oh, God, this sounds boring. But oh, you know, why not? It’s better than having to commute into the city to this accounting magazine where I’m filing.” And, you know, from there, I just, I really loved working at this company. You know, long story short, you know, I wound up staying at the company, working at, you know, a variety of its magazines.
And, you know, ended my career there at InformationWeek, where I spent many many years writing about career issues, and IT issues until I got a call in 2012, from a former InformationWeek colleague who had taken a job a few years earlier at Information Security Media Group, and he was saying, “Oh, you know, we have an opening here for a healthcare editor.” And, you know, I sort of jumped at that chance, because I had spent, you know, the last 10-15 years in InformationWeek writing about health IT and, you know, this is sort of going into a more kind of niche area of health data, security and privacy issues, which you know, are important.
So, you know, that’s that’s how I ended up what I’m doing now. And it’s a fascinating area. You know, I’ve been doing a lot of the same sort of stories for a while, but it’s just when I stand back and look at how everything’s evolved in you know, not only in the IT industry, but in health IT, it’s really pretty fascinating.
Madison Farabaugh (MF): Yeah, that’s definitely very fascinating journey, and especially just that transition from the more general area into specifically health and healthcare IT and, just for our audience’s awareness, could you maybe elaborate on the types of topics that you typically cover now at HealthcareInfoSecurity, and maybe the most important or most interesting topics to you at the moment?
MM: Sure. I well, you know, it’s a wide range and anything that has to do with health information, security, privacy issues, you know, HIPAA, other federal regulations, you know, the attacks that we’re seeing on health care entities and the impact it’s having in some cases on on patient care, medical devices and other IoT or OT that is used in healthcare, you know, being at risk for not only compromises and attacks, but, you know, patient safety issues overall as well. AI, you know, that’s definitely a hot topic these days. And I, you know, myself as well as my colleagues are sort of, you know, also expanding our focus on AI-related issues. And mine, you know, of course, would be in the healthcare area.
CB: How are you seeing the impact of AI in that healthcare area?
MM: Well, you know, AI, you know, like, I’m starting to really kind of focus on this now as part of my beat. But you know, AI in healthcare has been around for a while, you know, for clinical decision support. AI has also been used to help radiologists read, you know, mammograms, and you know, other sorts of images that, you know, perhaps radiologists might miss.
But, you know, and the more I’ve been speaking to people, you know, over the last few weeks over the last several months, some of the work that’s going on in this area is really quite promising and fascinating. There are risks, of course, but, you know, I had a conversation just the other day with someone, and they were describing how they’re, you know, they collect EHR data from many, like dozens of the largest healthcare systems in the country. And, you know, some of the researchers that are using this data, and it’s de-identified, so the patient’s names, and other sort of identifiers are not revealed, but they’re able to kind of drill down and see things as, you know, as detailed as, you know, what sort of device was used on a patient during surgery compared to a similar device from another vendor, and which one led to less bleeding, you know, in the operating room.
So, you know, that the, the sorts of things that AI can bring to light that, you know, it would take so many man hours to try to, like, look for something like that, and this might have been even an accidental sort of finding. So, I think AI has a lot of potential on, you know, helping patients ultimately, in healthcare, you know, as long as it’s not being abused, you know, by, you know, security and privacy breaches.
CB: Yeah, no, absolutely. And I know we’re, we’ll definitely be following your coverage on that as AI becomes such a prevalent topic here in the next several years.
MM: Yeah, you know, we’re trying to kind of shed this, you put the spotlight more on some of the more interesting things that are going on with always the eye on what the risks are, too, when it comes to privacy and security.
CB: Yes, absolutely.
MF: And I’m curious, I mean, I know because AI is definitely one of those hottest topics at the moment, have you seen anything else related to that intersection of healthcare and cybersecurity, anything else that you see on the horizon between the end of this year going into 2024 that you see as a hot topic?
MM: Well, you know, ransomware attacks have been, you know, sort of the plague here for the last several years. And, you know, looking ahead, one of the things that I’m sort of dreading to write is the the story that breaks where, you know, a ransomware attack has led to deaths, you know. And there’s been some reports of, you know, there’s been a lawsuit down in Alabama a couple of years ago about, you know, a mother who was in labor and delivered her baby while a hospital was suffering a ransomware attack, and, you know, physicians did not have access to fetal monitoring, and, you know, ultimately, the baby was born with complications and then later died. That’s one case, but I’m sort of dreading the possibility that we’re going to see many other deaths and many other sorts of things that can very well be directly linked to health to a healthcare entity suffering a ransomware attack, and doctors not having access to that information.
And there’s been government studies that show that, you know, response time for patients, you know, seeking care in emergency rooms and, you know, other care, you know, there is sort of that link between delayed care caused by ransomware attacks, but I just don’t want to see anything, you know, a catastrophe. And that’s one of the things you know, I’m always kind of keeping my eye out for gosh, you know, this this organization suffered a ransomware attack, you know, it’s a small regional hospital, and the next hospital might be, you know, hours away. You don’t want to see people die or get harmed, you know, because of these attacks.
CB: Yeah, and just the implications.
MF: Right. That’s very true.
CB: Yeah, the implications of ransomware on healthcare systems, it’s like, it’s dire, it’s, it’s fatal at times. So it’s, it’s just very important to be aware of. I read one of your recent articles, and it was a research report talking about how three out of four ransomware attackers are maliciously encrypting data too. So, we’re seeing this evolution that attackers are taking, you know, just changes every day almost. What are you seeing in terms of that?
MM: Yeah, that’s, that’s, you know, definitely the case there where, you know, the ransomware attackers are getting more creative and, you know, sophisticated in their attacks on healthcare entities, as well as other organizations. But, you know, the healthcare entities are always sort of at higher risk because you do have patients, you know, lives that are at stake. You know, you have all these medical devices and, you know, special equipment that can keep people alive, you know. Not to mention, you know, diagnose things like cancer and other, you know, even urgent sorts of conditions that need to be attended to, and you really don’t want to see, you know, these ransomware attackers outpace healthcare entities and their ability to prevent and detect and respond to these incidents. And I’m afraid that’s sort of what’s happening in many cases.
CB: Yeah, that’s very alarming.
MF: Yeah, and another, another one of the kind of current focuses, and I know you’ve covered a lot of issues between security and privacy and HIPAA. I’m curious, is there something that’s been most surprising to you to learn in this area of your coverage?
MM: Well, you know, HIPAA has been around for a long time. And, you know, we’ve seen enforcement actions by the Department of Health and Human Services Office for Civil Rights, you know, and various, you know, breach cases that kind of, you know, shine a spotlight on, you know, what went wrong. And, you know, I think the thing that’s maybe frustrating as an outsider who, you know, I’m not in healthcare, but I, you know, I’m close enough to see what’s happening is that, you know, a lot of the things that healthcare entities should be, they’re just not doing, you know. And a lot of the, you know, some of it is more general cyber hygiene sorts of things. But, you know, it’s also with practices, you know.
The Department of Health and Human Services has had, I don’t know, dozens of enforcement actions against entities that have been slow and resistant to, you know, handing over a patient’s records to that patient. And so things like that, you know, that’s, that seems to me like, well, that would be a given, you know. If the patient wants their, their medical records, you know, give it to them, you know. And having so many enforcement actions against healthcare entities that still drag their feet in doing that is, you know, frustrating, and I can kind of relate to that, as a patient when you want your information, you want your information. But then yeah, the other things there are record snooping, you know, you’ll see a lot of that still, although I think you’re seeing less of that. I think there’s better monitoring to the point where, you know, if a clinician is looking at a neighbor’s record because a neighbor happened to come in the ER, they’re gonna get, you know, they’re gonna get sanctioned, potentially, or at least, you know, have their hand slapped, and it doesn’t look good. So, there’s a lot of things that still go on when it comes to the compliance angle that, you know, still kind of amazes me that, you know, entities just haven’t gotten it. Or, maybe it’s not even the institution, it’s just a couple of rogue employees that kind of mess up.
MF: Right, that makes sense. And I actually, I really like your point about how, you know, we’re, we all are also patients, too, so we can relate to some of these stories that you’re writing about, and even your point about how you’re not necessarily in healthcare, but you’ve been covering it for so long, and you’ve been paying attention to all of these developments. So I’m kind of curious, over the years and the years that you’ve been in, in covering healthcare, how have you seen the industry overall evolve? What have you seen? Maybe there’s been improvements in some areas, maybe you think there are still improvements that need to be made and other areas and curious of your opinion there?
MM: Well, you know, I, since I’ve been covering this for so long to me, you know, I have the advantage of seeing again, by covering this for years and years, decades now. Just the evolution of IT in healthcare, you know, when I started covering, and it wasn’t really part of my official beat. When I was at InformationWeek, you know, prior to coming where I am now, it was just kind of part of my beat. And, you know, the way I just started covering healthcare was because, during the administration of George W. Bush, he sort of set out this goal for Americans. And this was like in 2003 2004, to, for most Americans to have electronic health records. That it was just crazy that doctors were still relying on paper charts, and paper charts get lost. You can’t share them easily. And, you know, at that point, he had said that this goal, and there was a lot of, you know, celebration, oh, you know, we’re all going to try to adopt electronic health records. But, you know, the hospitals and the doctor offices did not have money to do that.
So then, in 2008 2009, when President Obama was in office, and we were faced with an economic crisis, you know, the banking crisis, and the High Tech Act came into law by Congress and, you know, signed into law by President Obama, it created an incentive program, a financial incentive program, the High Tech Act, meaningful use for these hospitals and doctor offices to invest in buying these systems.
So, you know, fast, fast forward to now, you know, it’s very rare to find a hospital or a doctor office, not using electronic health records. But yet, at the same time, they, you know, they’re really kind of newcomers, when you think about it. You know, versus manufacturing and other industries that have been using IT for many, many, many, many years. And, you know, as a result, you know, the security and privacy issues, you know, as much as you’ve had HIPAA for many years, you know, as law, you know, the attention that’s been paid to information security and privacy issues in the healthcare sector is really kind of recent. And it’s been kind of really been in the spotlight because of all these cyber attacks. So you know, when I look back at god, how amazing it is, and within a 20 year span, we went from paper to where we are now, where not only are most hospitals and healthcare practices using electronic health records, but they’re one of the biggest targets now for cybercriminals. Because the state is so sensitive and important. So it’s pretty amazing when I kind of step back to see how quickly, it wasn’t really that quick, but you know, in a flash of an eye, it did it did seem to really kind of change so radically, from where we were maybe 20 years ago.
CB: Yeah, it certainly seems that way. So I know you’ve talked about electronic health records, privacy, HIPAA, ransomware, are there any topics that maybe you get pitched a lot, or that you hear about that you’re kind of sick of hearing about at this point?
MM: Um, well you know not so many, not so much the pitches, but you know, and again, you know, I cover these stories because they’re important and, you know, I’m sick of the ransomware attacks. I just, I hate to see these happening to entities. But it’s sort of, you know, a fact of life now for these entities. And, you know, when you have a big attack that affects, you know, a large medical facility or rural facility or regional group of facilities, it’s really, it’s a “God, I have to write about this.” But yeah, you gotta write about it, because it’s so important, really, to kind of show what’s going on there. And what are the lessons learned.
Medical devices, I’m not sick of that, I find that to be a fascinating area, because these devices themselves are so innovative, and some of the things that they can do to help patients, but they also are targets for compromise. Although I, you know, the there’s been a lot more attention over the last few years on medical device security, and the Food and Drug Administration over the last year has had some extra authority granted to them by Congress where they can kind of, you know, either deny approval of a product because it lacks security, or, you know, tell the manufacturer to go back to the drawing board and make sure you address the security issues that we’re looking at before we will approve your product. So yeah, that I find that is more of a promising area. And so you know, when I hear about those things, it’s like, okay, good.
MF: Yeah.
MM: Something’s improving.
CB: Yeah, very true. And looking back at, you know, your 30 year career, so what has been one of your most memorable stories to write?
MM: Well, you know, I was thinking about this the other day, and I’m like, wow, you know, I guess one of the most memorable stories, you know, in a way, and this has nothing to do with healthcare and, and why it’s memorable now, is because when I compare what was happening at the time to what’s happening now, it’s like, oh, well, that’s interesting. About oh, gosh, this is like in the late 90s when I was still at InformationWeek, I had broke a story with one of my colleagues on this giant sneaker manufacturer, Addidas, having a problem with their IT systems. And I forget what exactly the problem was. But at that time, the problem was so dramatic, that they couldn’t ship some, you know, many of their speakers, and their retailers were complaining and you know, pay and their customers couldn’t get what they wanted. And it was having a big impact on the supply chain. And I’m not sure how long it went on for, you know, now, years later, it might have been going on for a few weeks.
But, I find it interesting because, you know, this is pre-internet days, pretty much. And, you know, now when you see what goes on with ransomware, you know, and how it’s disrupting businesses through cyber attacks. It was kind of like an evolution, you know, pre-internet versus today. But you know, a lot of the problems haven’t changed.
CB: That is interesting. You’re right, there’s still so many of the same problems just with different types of technology being used. Absolutely.
MF: Yeah, and just talking about how everything has evolved over the years, is there anything, Marianne, throughout your career where you’d say it was a lesson learned for you between, whether that’s covering stories, or maybe just the themes that keep coming up and up again, over the years. What really stands out to you as things that you’ve learned throughout your career?
MM: Well, you know, I think part of it is, you know, maybe the practices of the job, you know, don’t don’t burn your bridges, treat people respectfully. You know, you don’t know when a source that you’re, you know, you’re talking to for one story may be very helpful for something down the line that you really, you know, you couldn’t really envision to be the case, at that time. I’m not really a “gotcha” type of reporter or journalist.
And, you know, I think, you know, in terms of longevity, and, you know, keeping your connections and trying to have, and you know, again, something that not all stories are positive stories, not all stories are good, people don’t like reading bad news about themselves. But you try to do with an eye on being respectful. And I think, you know, when it comes to doing the job of a journalist, that’s important because, you know, a source might not like what you write about them because it’s, you know, maybe embarrassing, or it’s, you know, damaging, but you can still treat people in a decent manner where it’s not personal.
MF: Right, that’s definitely important that, that balance between valuing the truth, but also reporting on it in a respectful way. That’s great.
CB: And I think we have just a couple of minutes for a few listener questions that came in for you, Marianne. So the first one is, how do you prefer to be pitched? And do you have any best practices for organizations or PR folks looking to work with you?
MM: Um, you know, I email is fine. You know, in terms of method.. When I get a pitch, if there is a, of course everyone loves exclusives.
CB: Mhm.
MM: But you know, for me, you know, when it comes to the healthcare angle, if there is, for instance, a new technology or something, or do you have a customer that you can refer me to, that hasn’t already been talking to other media outlets about what they’re doing, something that’s, you know, either different or unique, or, you know, kind of cutting edge. Or, you know, something that is an example of, you know, a solution that could help others that, you know, maybe people are just not aware of. So, you know, always having that sort of user, you know, whether it’s a healthcare organization or, you know, the others that are familiar with a new technology willing to talk about it.
And I know that a lot of companies don’t like to talk about how they’re using technology because it gives them an advantage, you know, and they also don’t want to become a target for that matter. But whenever there is some sort of face that you could put on a story, that’s always helpful. And then that’s what I kind of look for. That’s sort of generally you know, that what catches my eye often.
CB: Yeah, good to know. End users, I think always beneficial to speak to people who are actually experiencing the technology working at the organization, so definitely good insight that we’ll keep in mind. And then the last listener question, what are are two to three maybe unique or interesting takes you’ve heard from subject matter experts on, whether it’s AI in healthcare, or just healthcare security in general?
MM: Oh, well, I think when it comes to the AI, I kind of go back to the conversation I had the other day with, you know, the person who was describing how AI is helping to uncover, you know, clinical sort of observations that could help, you know, in care decisions or in, you know, technology development, you know, whether it’s, you know, certain devices being more effective or safer for for certain kinds of patients, or, you know, efforts where AI is being used to try to help address patients that might have unusual or not commonly found diseases, you know. Often, it seems that some of these analytical tools are being used to sort of find trends within patient populations that perhaps were not known before, or, you know, you really didn’t have your hands on it. Maybe the researchers had a gut feeling, but they couldn’t prove it, but now they can, and now they can find a potential clinical trial participants, you know, those sorts of things.
And then that, you know, away from the data security and privacy issues, I think when it comes to AI, those are the things I find, you know, very interesting and promising. When it comes to the security and privacy side, you also have to see how AI could be used that for a disadvantage, you know, by the attackers and the cyber criminals, and, you know, in terms of the attacks, and you know, the deep fakes and, you know, AI-enhanced phishing and all that sort of thing. So it’s sort of a, you know, it’s a game, you know, it’s like a chess game, you know. The healthcare entities want to use AI to their advantage, but in the meantime, you have the bad guys also using AI for their advantage.
CB: Very true. That’s a good point. Great, and then we always like to close with a little bit more of a personal question. We know that you’re based in Boston area. Anything else that listeners may not know about you, things you’d like to do outside of your work as a journalist and editor?
MM: Oh well. Well, let’s see, I’m an empty nester with my husband. We have three grown children who actually moved to New York. They all live individually, but they all flew the nest went to New York. So you know, our child these days is our golden doodle.
CB: Awww.
MM: He’s got a bad case of separation anxiety, you know, he’s a pandemic dog. So weekends, we have to take him with us pretty much everywhere unless we decide to bring him to the daycare center, because if you leave him home alone, he gets into a lot of trouble.
CB: Oh my gosh, what’s his name?
MM: Joey.
CB: Joey, aw. Joey just likes to be part of the family.
MM: Part of the family. He loves going in the car. So it’s like, you know, my free time seems to involve the dog.
CB: I love that. Not quite an empty nester, then.
MM: Right, right. That’s true.
CB: Well, Marianne, it’s been so great to get to know you a little bit better and to hear more about some of the topics you’re covering. Really appreciate you taking the time to come on the podcast this afternoon. And thanks, Madison, as well for jumping in as a co-host today. And thanks everyone who’s listening to Inside the Media Minds. Please follow us on Twitter and LinkedIn and stay tuned for our next episode. Thank you.