When Skip Sorrels, Director of Cybersecurity with Ascension Health, tells a clinician who may be frustrated with IT that he knows what they are going through, he means it. That’s because, in a past life, Sorrels served as an ICU nurse before moving to cyber. As such, he understands what it’s like to have a […]
Q&A with Intermountain Healthcare VP/CISO Erik Decker: CPGs Will Help Organizations Clarify Their Cyber Mission
Cybersecurity in healthcare is at a tipping point, poised to move from the voluntary to the mandatory, although not quite yet. For now, it’s still up to organizations as to whether or not they want to comply with any specific framework or set of best practices. Of course, demonstrating adherence to 405(d)’s HICP should get some […]
Q&A with Sutter Health SVP, Chief Integration Officer, CISO & Chief Privacy Officer Jacki Monson: The Current Approach to 3rd-Party Risk Management Must Change
It’s been said by many a CISO that they essentially function as the chief risk officer. What they are trying to say, of course, is that the job is all about understanding and communicating cyber risk. Interestingly, Jacki Monson – currently Chief Integration Officer, CISO & Chief Privacy Officer at Sutter Health – once also […]
Q&A with Summa Health CISO Swathi West: “A Solid 90-Day Assessment Can Make All the Difference”
When Swathi West started at Summa Health in early 2023, she embarked on a 90-day assessment that included reviewing job descriptions, along with policies and standards. It’s an approach she heartily recommends for a number of reasons. First, in reviewing job descriptions, West found a lack of detail that could cause confusion around roles and […]
Q&A with Yale New Haven Health Deputy CISO Trevor Brown: “Risk is a Language Clinicians Understand”
There’s an old adage that people won’t comply with the “what” if they don’t understand the “why.” For information security professionals, communicating the ‘why’ around the need for compliance with security policies has always been a challenge. Trevor Brown, Deputy CISO with Yale New Haven Health, says one of the best ways to get the […]
Q&A with UofL Health CISO Greg Peebles: For a Secure Foundation, Health Systems Must Address Technical Debt
Sure, health systems need attractive buildings, and the top physicians expect nice offices in which to work, but dollars must be found to address technical debt and the security risks that come along with it, or one’s IT house will be built on “a foundation of sand,” according to UofL CISO Greg Peebles. Of course, […]
Q&A with Texas Health Resources CISO & VP of Technology Operations Ron Mehring: “Openness & Respect are Keys to Cyber Team Success”
Q&A with Alan McHugh, Chief, FBI Cyber Division, Cyber Crime Tactical Intelligence Unit: “The Time to Call the FBI is Now”
Most CISOs understand that one of their key phone calls after a ransomware incident will be to the FBI, but what they may not appreciate is that it shouldn’t be their first to that organization. That’s because the emergency call will be much more effective, and the response much more efficient, if a relationship has […]
Q&A with Rebecca Kennis, CISO, Arnot Health: My One Number Job is Creating a Culture of Security
Email is the lifeblood of any organization, with thousands coming in every day. It’s also the number one attack vector. Unfortunately, even the best filtering tools miss between 7 and 10 percent of the spam that CISOs would love to see caught. That puts the onus on employees to manually filter the rest. It’s for […]
Q&A with Denver Health Enterprise CISO Randall “Fritz” Frietzsche: “Building Relationships & Mastering Communication are Keys to CISO Effectiveness”
Randall “Fritz” Frietzsche has been on a mission to protect and serve for a long time. Way back when, it was in traditional law enforcement as a deputy sheriff. Later, as he embraced his technical acumen, it was in cybersecurity. But Frietzsche, Enterprise CISO for Denver Health, attests that all the technical chops in the […]