Chief Information Security Officer reflects on technological changes in healthcare during his 43 years at MUSC | MUSK
Richard Gadsden, Jr., has spent his life on the campus of the University of Medicine of South Carolina – literally. His father, Richard Gadsden, Sr., Ph.D., was a biochemist and clinical pathologist with a long and distinguished career at MUSC, and Gadsden, Jr., grew up on campus, hanging out in the office and laboratory of his father.
His path, however, did not lie in the laboratory but in a career then unheard of: information security. And after a distinguished career, Gadsden will retire on August 7 after 43 years at MUSC, most notably as Interim Chief Information Security Officer.
He admits to having mixed feelings about retirement right now, due to the way healthcare is about to change.
“We now have the tools to fundamentally transform the way we do our business, the way we treat patients and help them manage their health, the way we educate our students and the way we conduct our research,” said he declared. “We have the tools to make fundamental changes in the way these functions are performed, and we have the ability to imagine entirely new ways of doing business, entirely new ways of serving our customers. It really is an exciting time. I’m actually a little sad to retire! ”
“We now have the tools to fundamentally transform the way we do business, the way we treat patients and help them manage their health, the way we educate our students and the way we conduct our research. “
Richard Gadsden, Jr.
Betts Ellis, Chief of Staff of MUSC Health, congratulated Gadsden for his contributions.
“He has been a role model for MUSC’s values, including integrity, respect and teamwork,” he said. “Richard has been a stabilizing force over the years as information solutions have faced shifts in leadership, MUSC has experienced incredible growth, and the world of technology has grown more sophisticated and complex. . “
Gadsden had no intention of getting into information security. He was newly married and was finishing his math studies at the College of Charleston, which he expected to pursue with a doctorate and then a career in math education, when he got a job as a programmer. computer science at the Laboratory Information Center in 1978.
The lab was one of the first clinical departments on the MUSC campus to become automated – for example, test results go through a central computer system and are sent to the attending physician.
Gadsden had taken a few computer programming courses at CofC, but they did not immediately interest him. Writing computer programs in the real world, however, was different. Now he was solving problems for people, figuring out how to make connections. He was addicted.
At the time, there wasn’t much specialization in the field, so Gadsden ended up taking on the duties of a cable technician as well today, helping to connect the lab system in the Quadrangle A building – now the Hollings Cancer Center site – in the hospital.
“We ran cables through the elevated walkway to the hospital, down the halls and hallways and to the nursing units so that we could put green screen mute terminals in the nursing units. so that staff can see the results, ”he recalled.
From this first job as a computer programmer, he was promoted to head of university computer systems. Very quickly, IT started to change as networking spread. MUSC connected to BITNET, a network that connected universities and supported interactions such as email. Most of the early adopters, Gadsden said, were technicians exchanging information with their counterparts at other universities.
There was another turning point in computing: the introduction of the personal computer.
“Things really started to change with the introduction of the personal computer,” Gadsden said.
In the beginning, information security focused on internal security controls to ensure that no one physically on campus could access sensitive information that they were not supposed to have. But around 1990, networking meant people had to start to take a broader view of information security.
“When we first connected to the Internet, it didn’t take long for people outside the institution to break into our computer systems. The first attack I can remember was on a computer system used for biomolecular informatics research. We found out that there was someone in Sweden who seemed to log into this computer and execute commands, and we didn’t have any authorized users in Sweden, ”Gadsden recalls.
To put an end to this, MUSC installed firewalls and other controls. These days, Gadsden said, you can buy a powerful, enterprise-class firewall right off the market, and most newer devices even have firewalls built in. Back then, firewalls were more tinkered with and MUSC used open source code to create their own firewalls.
The challenges of Internet security have piqued Gadsden’s interest. There was no information security office, and no one in charge of information security, so Gadsden started to learn and do. Finally, he put together a team to coordinate this need throughout the MUSC company.
Information security has only become more complex since those early days. More and more systems have become computerized. MUSC began to expand its physical presence, first off the Charleston Peninsula into surrounding communities and now across the state. He has entered into affiliations with other hospitals and clinics. And smartphones and other internet-connected devices have become ubiquitous.
“We carry more computing power into each of our phones than there was in all of MUSC when I started working here,” Gadsden said.
The changes, Gadsden said, mean that “safety has really become everyone’s responsibility.”
Information security was in the spotlight nationwide earlier this year when Colonial Pipeline suffered a ransomware attack and gas stations up and down the East Coast ran out of gas. The CEO told Congress that the attackers were able to gain access because the VPN system in place did not require multi-factor authentication.
Health care systems have also been victims of more than 500 health establishments affected by ransomware last year. the University of Vermont Medical Center was hit in October. Executives say no personally identifiable information was taken, likely because the IT team quickly shut down all systems, including email and electronic health records. But it took a month to clean the 5,000 computers in the system, and during that time the medical staff reverted to paper records. In addition, about 300 employees were reassigned or put on leave because they could not do their jobs during the downtime, and some patient procedures were canceled or postponed.
Gadsden said everyone – employees, students and even patients – should be aware of safety. This means installing updates on time and thinking before you click. With the new federal regulations, patients now have immediate access to test results and visit reports. But, Gadsden said, patients should carefully consider how to protect this information if they pull it from the MyChart patient portal and upload it to an app or website.
“The one thing that really concerns all security professionals is the growing complexity of the environment,” he said.
Another challenge was the overnight transition to ‘working from home’ last year, after Governor Henry McMaster declared a state of emergency as the COVID-19 pandemic escalated. of information technology and security, but Gadsden said it was one that MUSC was well prepared for.
“The only thing that really concerns all security professionals is the growing complexity of the environment. ”
Richard Gadsden, Jr.
MUSC already had the basic systems in place, including VPN and two-factor authentication, that could handle the rapid addition of thousands of users, he said. There have been a few incidents, due to employees using unsecured networks, but the team is already considering the next generation of technologies to support a remote workforce even more securely, he said. declared.
Likewise, MUSC Health was in a good position with telehealth, he explained, as it already had advanced telehealth capabilities when COVID started.
As Gadsden prepares to retire, he is eager to see what lies ahead for healthcare technology. Epic, the electronic health records platform that MUSC Health uses, has been a major change for the healthcare system. However, there are disparate types of EHR systems in use across the country, and the enthusiasm of a decade ago to get them to share information has cooled a bit as people realize just how much that would be difficult. Nonetheless, Gadsden believes it will happen.
“The ability to exchange information more transparently over these national networks, between disparate systems, will continue to evolve and improve. This is one of the important things the future will bring, ”he said.
The future of Gadsden is full of possibilities. He said it will likely take him and his wife about a year to adjust to retirement, while they decide whether they want to stay in Charleston; move to western North Carolina, where they have an extended family and a second home; moving to the West Coast, where their son moved to Silicon Valley as a software engineer; or maybe move to a completely unexpected place.
Ellis said the retirement is well deserved. He highlighted the strong family legacy that Gadsden Sr. and Jr. left to MUSC.
“His father was a remarkable gentleman and dedicated nearly 50 years to MUSC. Richard is his father again, ”said Ellis. “Here we have a father and son who have collectively dedicated nearly 100 years to MUSC. I know Richard’s father looks at him with great pride. Good job.”