When Swathi West started at Summa Health in early 2023, she embarked on a 90-day assessment that included reviewing job descriptions, along with policies and standards. It’s an approach she heartily recommends for a number of reasons. First, in reviewing job descriptions, West found a lack of detail that could cause confusion around roles and […]
Q&A with Yale New Haven Health Deputy CISO Trevor Brown: “Risk is a Language Clinicians Understand”
There’s an old adage that people won’t comply with the “what” if they don’t understand the “why.” For information security professionals, communicating the “why” around the need for compliance with security policies has always been a challenge. Trevor Brown, Deputy CISO with Yale New Haven Health, says one of the best ways to get the […]
Q&A with UofL Health CISO Greg Peebles: For a Secure Foundation, Health Systems Must Address Technical Debt
Sure, health systems need attractive buildings, and the top physicians expect nice offices in which to work, but dollars must be found to address technical debt and the security risks that come along with it, or one’s IT house will be built on “a foundation of sand,” according to UofL CISO Greg Peebles. Of course, […]
Q&A with Texas Health Resources CISO & VP of Technology Operations Ron Mehring: “Openness & Respect are Keys to Cyber Team Success”
Q&A with Alan McHugh, Chief, FBI Cyber Division, Cyber Crime Tactical Intelligence Unit: “The Time to Call the FBI is Now”
Most CISOs understand that one of their key phone calls after a ransomware incident will be to the FBI, but what they may not appreciate is that it shouldn’t be their first to that organization. That’s because the emergency call will be much more effective, and the response much more efficient, if a relationship has […]
Q&A with Rebecca Kennis, CISO, Arnot Health: My One Number Job is Creating a Culture of Security
Email is the lifeblood of any organization, with thousands coming in every day. It’s also the number one attack vector. Unfortunately, even the best filtering tools miss between 7 and 10 percent of the spam that CISOs would love to see caught. That puts the onus on employees to manually filter the rest. It’s for […]
Q&A with Denver Health Enterprise CISO Randall “Fritz” Frietzsche: “Building Relationships & Mastering Communication are Keys to CISO Effectiveness”
Randall “Fritz” Frietzsche has been on a mission to protect and serve for a long time. Way back when, it was in traditional law enforcement as a deputy sheriff. Later, as he embraced his technical acumen, it was in cybersecurity. But Frietzsche, Enterprise CISO for Denver Health, attests that all the technical chops in the […]
Q&A with Eric Liederman, MD, National Leader, Privacy, Security & IT Infrastructure, The Permanente Federation: “Cyber Leaders & Clinicians Must Work Together”
The more you know about your customer, the better you can serve them. And that definitely goes for health system CISOs trying to serve (and protect) their clinician customers. As Dr. Eric Liederman says, it’s not that hard to lock things down; what’s trickier is putting in place as much protection and risk mitigation as […]
Q&A with WellSpan Health Director of Information Security Mike Shrader: “Empathy & Collaboration Go a Long Way”
It may be a cliché, but for security leaders, knowledge is definitely power. And that knowledge must come from a number of directions. First off, CISOs and their teams must be ingesting the latest threat intelligence to know what the bad guys are up to, but that information can only be acted upon in a […]
Q&A with Health-ISAC President Denise Anderson: “Sharing Cyber Incidents Makes Us All Stronger”
Though sharing information with other health systems may not be a priority for leadership teams working through a breach, it is, ironically, one of the most important actions organizations can take for their peers, according to Denise Anderson, President of Health-ISAC. That’s because, as she puts it, “one person’s defense will become everyone else’s […]