VP of Global Enterprise Information Security
Healthcare has many connected points, giving it a much larger attack surface than any other vertical. Confidential patient data is often accessible to multiple care providers, both in clinical/research settings and online, and through different devices. Patient care takes precedence over security. Organizations need to establish holistic risk management programs that safeguard electronic health information along with other sensitive and proprietary data.
Security involves a deliberate, multi-layered approach across payers, providers and medical suppliers. This includes process improvement, user training, and better integration of existing technologies. Basic cyber hygiene is at the core, including blocking and tackling, firewall logging, password protection, access management, email security and authentication controls. Some emerging cyber tools, including single sign-on to control access and identity management, enhance productivity, simplify workflows and increase time on work tasks.
Executives must learn, and keep in balance, the interests of stakeholders, the mission, asset value and the real impact of an attack. Breaches will happen; the focus needs to be on how the organization should minimize disruptions and handle ransomware and other attacks, including through proactive incident response and business continuity measures. Efforts to automate include integrating emerging technologies with existing security tools and bolstering processes to protect against human error and insider threats. Executives must convey that security is a continued enterprise investment.