If burglars were consistently entering houses in your neighborhood through the back door, it wouldn’t make much sense to spend the majority of your home defense budget fortifying the windows. According to Ryan Witt, VP of Industry Solutions, Healthcare, for Proofpoint, figuring out where to spend your cybersecurity budget should work much the same way. And speaking of healthcare, he notes that the more things change, the more they stay the same, with phishing consistently being a top attack vector for the past decade. Why? According to Witt, because it works. But there are ways to give you a better chance of fending off the bad guys. In this interview with healthsystemCIO Founder & Editor-in-Chief Anthony Guerra, Witt talks about some strategies for defense, what to do (and not do) post credential compromise, and why convincing users that IT security is on their side is so important.
healthsystemCIO.com
Q&A with Intermountain Healthcare VP/CISO Erik Decker: CPGs Will Help Organizations Clarify Their Cyber Mission
Cybersecurity in healthcare is at a tipping point, poised to move from the voluntary to the mandatory, although not quite yet. For now, it’s still up to organizations as to whether or not they want to comply with any specific framework or set of best practices. Of course, demonstrating adherence to 405(d)’s HICP should get some […]
Managing Insider Threats in an Era of Remote Workers & Increased Turnover
IT executives have always had a challenging time ensuring their users were operating securely; but since the Covid pandemic, larger workforce trends have seen those challenges multiply. Those trends include fully remote work, a gig economy that sometimes involves the use of short-timers like traveling nurses, and an overall trend of higher turnover and staff fluidity. In such an environment, it’s no wonder that insider threats are top of mind for security professionals. So how can CIOs and CISOs make sure a fox hasn’t made it into the hen house, or even that unintentional but inappropriate access is identified and addressed? In this timely webinar, we’ll hear from leaders who are leveraging technology, governance and relationships to ensure that a fluid workforce doesn’t equate to a high-risk one.
Q&A with Sutter Health SVP, Chief Integration Officer, CISO & Chief Privacy Officer Jacki Monson: The Current Approach to 3rd-Party Risk Management Must Change
It’s been said by many a CISO that they essentially function as the chief risk officer. What they are trying to say, of course, is that the job is all about understanding and communicating cyber risk. Interestingly, Jacki Monson – currently Chief Integration Officer, CISO & Chief Privacy Officer at Sutter Health – once also […]
Q&A with KSB Hospital CIO Ray Sharp: “As a Small Organization, You Can’t Afford to Make Blunders.”
No matter the size or scope of an organization, “you still need to have boots on the ground in IT,” says Ray Sharp, CIO at Katherine Shaw Bethea Hospital. In this interview, he talks about the value of rounding, the pros and cons of being a community health organization, and what he learned by spending time outside of healthcare.
Q&A with Summa Health CISO Swathi West: “A Solid 90-Day Assessment Can Make All the Difference”
When Swathi West started at Summa Health in early 2023, she embarked on a 90-day assessment that included reviewing job descriptions, along with policies and standards. It’s an approach she heartily recommends for a number of reasons. First, in reviewing job descriptions, West found a lack of detail that could cause confusion around roles and […]
No Margin, No Mission – Optimizing CIO-CFO Relations
Having risen through the IT ranks (often coming out of infrastructure or networking), CIOs know technology inside and out, but when they do hit the C-suite, there is another skill and relationship that is almost as important in determining success — and that’s the understanding of finance and their relationship with the CFO. So what financial chops do CIOs need, and what are the keys to making this relationship work for the benefit of all? In this important webinar, we’ll hear from IT leaders who have made their understanding of the numbers a top priority.
Q&A with Yale New Haven Health Deputy CISO Trevor Brown: “Risk is a Language Clinicians Understand”
There’s an old adage that people won’t comply with the “what” if they don’t understand the “why.” For information security professionals, communicating the ‘why’ around the need for compliance with security policies has always been a challenge. Trevor Brown, Deputy CISO with Yale New Haven Health, says one of the best ways to get the […]
Q&A with UofL Health CISO Greg Peebles: For a Secure Foundation, Health Systems Must Address Technical Debt
Sure, health systems need attractive buildings, and the top physicians expect nice offices in which to work, but dollars must be found to address technical debt and the security risks that come along with it, or one’s IT house will be built on “a foundation of sand,” according to UofL CISO Greg Peebles. Of course, […]
“Technology Isn’t the Barrier”: Q&A with Robbie Freeman, CNIO, Mount Sinai Health System
It’s nearly impossible not to get caught up in the excitement around digital tools and AI, but if the right approach isn’t taken, it could be all for naught, according to Robbie Freeman, CNIO at Mount Sinai. In this interview, he talks about his team’s strategy to “get it right on a small scale” before going too big.