Collier said in a memo to employees that Habercoss promotes "sound information security principles. She has created a strong security posture through her efforts to safeguard institutional assets and enable safe use of technology applications, systems and operations."
In leading UChicago Medicine’s information security office, Habercoss will now be in charge of cyber incident response; identity and access management; information security operations; and IT governance, risk and compliance, according to Collier's memo. She will also continue to work closely with the university's biological sciences division and the privacy counterparts at the university, the memo states.
"Combining oversight of privacy and information security reflects the increasingly close collaboration between these two units," Collier said in the memo. "It also positions UChicago Medicine to better protect the safety of our patients, safeguard the data we hold and comply with evolving regulations in a more cohesive manner."
Not a Modern Healthcare subscriber? Sign up today.
In recent months, major cybersecurity issues have hit health care organizations, including the ransomware attack on UnitedHealth Group's Change Healthcare that disrupted pharmacy claims for weeks. Lurie Children's Hospital was forced to take down all of its networked electronic communications, including phone lines, for months earlier this year because of a cyberattack that leaked the data of about 800,000 people.
And in January, personal health information of about 10,300 people may have been exposed in a widespread breach of UChicago Medicine employee emails, according to an internal memo written by Habercoss.
The recent memo from Collier states UChicago Medicine uses education, training, auditing, monitoring and third-party vendor management in a compliance-based and risk-focused privacy program. The privacy office has oversight for all federal, state, and international regulatory privacy requirements, it said.
Habercoss began her career at UChicago Medicine more than 25 years ago as a clinical social worker in the department of psychiatry, Collier said in the memo, leaving to work for a health care startup and The Joint Commission before returning to UChicago Medicine in 2016. She is also chair-elect of the Association of American Medical Colleges’ Compliance Officers’ Forum and holds roles with the Health Sector Coordinating Council Cybersecurity Working Group and the Healthcare Information & Management Systems Society.
This story first appeared in Crain's Chicago Business.