With cyber incidents a question of when, not if, fast detection and a smooth, coherent response are critical to minimizing the impact on patient care, according to panelists who participated in a recent healthsystemCIO Webinar, “Examining Cyber’s Role in the Development of Business Continuity Plans that Strengthen Operational Resilience.”
The panel included Julian Mihai, CISO at Penn Medicine; Adam Zoller, CISO at Providence; Paul Curylo, CISO at Inova Health System; and Jerry Mancini, Senior Director, Office of the CTO, NETSCOUT. Their insights underscored the importance of collaboration, clear planning, and continuous improvement in the face of ever-evolving threats.
The Role of the CISO in Business Resiliency
The discussion began by exploring the CISO’s role in maintaining clinical operations during cyber incidents.
Mihai emphasized that partnerships within organizations are the foundation of success. “What became really successful for us was establishing that partnership where cybersecurity and business resilience collaborate with clinical operations and emergency management teams,” he explained. This integrated approach, he added, ensures preparedness for complex events like ransomware attacks, where IT systems may need to be taken offline temporarily.
Zoller expanded on the multifaceted role of the CISO, noting that effective risk management requires treating cyber threats like any other business risk. “Cyber risk is just another risk domain, similar to financial or physical risks. The key is applying an industry-standard risk matrix to prioritize and address these threats,” he stated.
Zoller also highlighted the importance of aligning IT disaster recovery frameworks with business continuity goals. This ensures that critical systems are prioritized during recovery efforts, enabling patient care to continue with minimal disruption.
A sobering reminder was added by Curylo: “There will be a period of time when digital resources are simply unavailable. Whether it’s 30 minutes or six weeks, leaders must prepare to operate in the absence of these tools.” His advice underscores the need for proactive planning to prevent critical service interruptions, such as ambulance diversions or canceled surgeries.
Collaborating for Preparedness
One of the major themes throughout the discussion was the necessity of collaboration across all levels of a health system. Cybersecurity cannot operate in a silo; success requires partnership with clinical, operational, and executive teams.
Curylo described the CISO’s role as that of an advisor, helping operational leaders anticipate and address potential vulnerabilities: “Preparation is where the CISO’s role is most effective. It’s about helping leaders understand how to operate without digital resources and identifying single points of failure.”
Emphasizing that a lack of alignment between IT, clinical operations, and other teams can create significant friction during crises, Mancini stated: “Different priorities can lead to delays and missteps. Leadership must align teams around shared objectives, supported by clear communication and accurate data.”
Mihai highlighted a critical barrier to success: the assumption that cybersecurity is solely an IT responsibility. “So many business continuity efforts fail because they’re treated as IT-only projects. Securing buy-in from clinical leadership is paramount to gaining system-wide engagement.” At Penn Medicine, this top-down support has enabled the organization to embed resilience planning into its broader operational strategy, ensuring buy-in at every level.
The Importance of Practice and Simulation
Preparation goes beyond planning; it requires practice. The panelists agreed that organizations must conduct regular drills to refine their response strategies.
Zoller recommended tabletop exercises as an essential tool: “The best time to practice your plans is during peacetime, not wartime. Test failover capabilities and refine processes when you’re not under attack,” he advised.
Expanding on this, Mihai noted that simulations at Penn Medicine include technical drills and broader collaborative exercises: “We’ve done regional simulations with other healthcare systems to learn from each other and ensure cohesive response strategies. These exercises expose gaps and build the muscle memory needed for effective responses.”
Bridging Gaps Between IT and Operations
Despite the clear benefits of collaboration, aligning priorities between IT and operational teams can be challenging.
Mancini noted that different teams often use disparate tools and data, leading to fragmented efforts: “Leadership must ensure that teams are not only aligned in priorities but also working from a unified set of information. This reduces friction and improves response efficiency.”
Echoing this sentiment, Zoller emphasized that involving operational leaders in governance processes builds trust and accountability. “By giving operational leaders a seat at the table, they gain ownership of the process. This collaboration ensures solutions are practical and widely adopted.”
Achieving Rapid Detection and Response
A rapid response to cyber incidents hinges on early detection. The panelists stressed the importance of comprehensive visibility and robust tools.
Mihai highlighted the often-overlooked role of employees in identifying threats: “Many incidents are first flagged by employees noticing something unusual. Building a culture where staff feel empowered to report concerns can be a game-changer.”
Mancini pointed out that advanced tools like AI are increasingly being used to identify anomalies: “AI can help sift through vast amounts of data, identifying patterns faster than manual methods. However, it must be complemented by human oversight to interpret the results effectively.”
While optimistic about the potential of AI, Zoller cautioned against overreliance: “The basics — patch management, multifactor authentication, and endpoint protection — still eliminate the majority of risks. AI is promising but not yet a substitute for these fundamentals.”
The Human Factor in Cybersecurity
Throughout the discussion, the panelists emphasized the human element of cybersecurity.
Mihai described successful cybersecurity leadership as a mix of technical expertise and relationship-building: “Ultimately, it’s about stepping up as a senior leader to establish partnerships and influence stakeholders across the organization. You can’t simply play defense and hope for the best.”
Echoing this, Curylo highlighted the value of transparency and vulnerability: “This is a people game. Build relationships, be transparent, and foster trust. Those connections will make or break your response during a crisis.”
Actionable Advice for Health System Leaders
As the session concluded, each panelist shared advice for healthcare leaders striving to enhance their resilience.
Zoller provided a pragmatic perspective: “This is a huge area with many moving parts. The good news is you don’t have to solve everything at once. Break the problem into manageable pieces and involve the business in every step.”
A critical reminder was added by Mihai: “Don’t overlook the importance of practicing your plans. Testing response strategies during peacetime builds confidence and ensures you’re ready for the real thing.”
The insights shared by these industry leaders highlight the multifaceted nature of cybersecurity in health systems. It is not just about technology but also about relationships, strategic planning, and resilience.
As Mihai put it, “Success comes from stepping up as a leader and influencing all partners in the ecosystem.”
Watch “Examining Cyber’s Role in the Development of Business Continuity Plans that Strengthen Operational Resilience” here.