Published 1/30/23 – When it comes to getting a healthcare organization’s cybersecurity house in order, Joshua Roth, CISO at Children’s Hospital of Orange County (CHOC), says he starts with four things: the people, the processes, the technology stack, and managed services – and then looks to tackle the low-hanging fruit. In this interview with Anthony […]
Two or three healthcare organizations a day are falling victim to a ransomware attack, according to Esmond Kane, chief information security officer (CISO) of Steward Health Care and former CISO for Harvard. The way to fight that is to use creativity, perseverance and innovation, he says. And keep in mind, the bad guys are also innovating at the same time you are. In this interview with healthsystemCIO Founder and Editor-in-Chief Anthony Guerra, Kane discusses the increasingly challenging role of the CISO and how he uses behavioral questions to find the right candidates for his team. Credentials and HR screening will not always reveal the best choice, but finding out how passionate someone is about their hobbies just might. And when it comes to the board, never tell them you can keep your institution 100% safe, because that’s not reality, Kane says.
Rather than thinking outside of the box, Greg Garneau, CISO at Marshfield Clinic Health System, believes it’s simply time to “start thinking in ways you’ve never thought before.” In this podcast, he talks about the “talent war” facing healthcare organizations, especially those in rural areas, and the decentralized leadership approach.
Hugo Lai says the key to CISO peace of mind is being thoughtful and conscientious, documenting steps taken, and then not worrying endlessly.
“Protecting workstations in their traditional form is not a technique that scales any longer,” says Keith Duemling, director of cybersecurity technology protection at the Cleveland Clinic. In this interview with healthsystemCIO Founder and Editor-in-Chief Anthony Guerra, Duemling talks about how he and his team of cybersecurity engineers have no small task tackling “the sheer magnitude and scale of security” at the clinic, which involves literally thousands of vendors. Third-party risk is a key trend to watch, but so is the increase in patient-owned devices being used for diagnostic purposes, Duemling says. “It’s really challenging because obviously you can’t deploy traditional tools onto someone’s privately owned device, but you are, to some degree, still responsible for the protection of their information, and certainly their protection when it comes to the care that they receive.” Ultimately, it requires building strong relationships in the enterprise and getting out in front of demand when it comes to IT.