What's the Next Normal in Healthcare Cybersecurity?

At Fairview Health Services, he is responsible for leading the cybersecurity, governance, risk, and compliance, service delivery, network, unified communications, end-user services, compute, cloud, storage, and database teams. Prior to joining Fairview, he worked with the second-largest municipal health system in the nation 'Los Angeles County,' leading and empowering the talented IT staff within the Department of Health Services (DHS). He also had an opportunity to work at Kaiser Permanente Orange County. As a highly successful IT executive with significant experience leading technology and security initiatives in complex academic medical centers and multi-hospital healthcare settings, he strives to be a committed, transparent, and strategic thinker with a track record of quality, systematic decision making, providing transformational and business[1]focused value in this new age of the digital economy and consumerism.

How has the Healthcare industry evolved over the years, and what are some of the challenges?

Today, it's no surprise that addressing cybersecurity risk is a hot topic among senior leaders who are responsible for the financial viability and strategic success of healthcare organizations. In recent years, there has been a major increase in cyberattacks that not only disrupt healthcare organizations but also affect them financially or cause hospital operations to cease for a short period of time. We have a number of prominent healthcare systems in the country that experienced ransomware. Another concern that heightened the attention of decision-makers is Business email compromise and fraud, where cybercriminals are not only sending ransom requests but also looking for illegally diverting funds.

Most importantly, it's not just the healthcare organizations that are attacked but also the supply chain organizations that we rely on. I think that's a big concern that has escalated over the last 12 to 18 months that all healthcare organizations are spending a lot of time on trying to determine how they can best reduce organizational risk.

What are some of the best practices businesses should adopt today to steer ahead of competitors? Mention some of the technologies that exist to help mitigate such risks in the health industry?

First and foremost, ensuring that senior management is informed of any imminent threat that could have a significant financial and reputational impact on the organization.

Second, having senior management buy-in and support is important as it takes money to hire the staff, put the right technologies in place, develop a robust defense, and detect malicious activities in the technological area. Not only identifying threats but assessing environmental risk is also mandatory. It's important for all healthcare organizations to must conduct a HIPAA risk assessment or cybersecurity framework at least once a year. It gives you an objective view of risk and helps you come up with a remediation plan for what to do in terms of technology— do I need a managed security service or additional cybersecurity? It's a must for a healthcare organization to have good email protection and detection. On that note, I'd like to mention techno or capability called Email Isolation to consider for email phishing that protects your people and organization from advanced attacks. The second must-have technology is Multi-Factor Authentication (MFA), which is required for accessing e-resources or assets in the corporate network remotely. The third capability is network segmentation, which allows you to partition your internal technology network into several sections. If a bad actor manages to get access to the network, they will be unable to move freely once they're inside the castle walls.

“I Believe Detection Is Key To Stopping Cyberattacks From Happening, Whereas Prevention Is Important But Can’t Stop Everything”

A fourth capability would be the ability to attack anomalous activity in its early stages, as it's difficult to prevent all cybersecurity attacks from happening. I believe detection is key to stopping cyberattacks from happening, whereas prevention is important but can't stop everything.

Any piece of advice for industry veterans or budding entrepreneurs of the Healthcare space?

I would advise my colleagues to gain a better understanding of the complicated ecosystem that exists in the technological realm. For that, it's important to build a network to gain insight on how to simplify complexity to minimize risk. By examining all of the technology partners and vendors' strengths and weaknesses, we can simplify the smaller set of providers and their solutions to acquire a better grasp on keeping your risk management.