In an era where clinicians increasingly operate from diverse locations, using a variety of devices under different internet conditions, the importance of web browser security has never been more pronounced. John Frushour, vice president and Chief Information Security Officer (CISO) at New York Presbyterian Hospital, emphasized the need to address these security concerns, especially as clinicians often rely on devices that are not managed or monitored by the hospital. As these professionals access hospital services through potentially untrusted devices, ensuring the security of these interactions becomes crucial.
A pivotal initiative at New York Presbyterian is the Community Connect program, which extends the hospital’s electronic health records to external clinicians using their personal equipment. This program not only assists in integrating new patients into the hospital’s system but also highlights the critical role of web browser security. Frushour notes the inherent risks of accommodating untrusted devices and suggests that employing a managed web browser could provide a streamlined and controlled approach to secure web services.
During a conversation at the Healthcare Information and Management Systems Society 2025 conference in Las Vegas, Frushour elaborated on the potential benefits of managed web browser security. He explained how it could mitigate risks related to cyber incidents and data breaches. Additionally, he touched upon the cyber threats associated with medical imaging equipment and the complexities of managing software bills of materials in medical and biomedical technology.
The discussion also covered a range of cybersecurity initiatives at New York Presbyterian. These include the microsegmentation of biomedical devices to enhance security, the implementation of password-less authentication methods, and the integration of physical badge and biometric access controls. Each of these efforts is part of a broader strategy to safeguard sensitive information and maintain the integrity of the hospital’s technological infrastructure.
Frushour, who joined New York Presbyterian in 2016, brings a wealth of experience from his previous roles in security management at technology firms such as Nuance, where he served as the director of security operations. His background also includes significant technology management positions within the U.S. Marine Corps, providing a robust foundation for his current responsibilities. As a member of the CyberEdBoard, Frushour continues to contribute to the evolving landscape of cybersecurity in healthcare.