By CereCore | May 3, 2024
4 minute read EHR/EMR| Blog| IT Advisory| IT Strategy
Cyber criminals only have to be right once to wreak havoc. In healthcare, we have to be right 100% of the time to manage the risk of cyberattack. In a recent interview on the CereCore Podcast, Phil Sobol, Vice President of Business Development talked to Darcy Corcoran, Principal for Cybersecurity Advisory Services about the cybersecurity must haves and the often-overlooked aspects of considering AI use cases in healthcare. Darcy employs her extensive background in the Department of Defense and work with NATO and the Pentagon to inform organization-specific tactics and industry best practices offering thoughts on cybersecurity in healthcare through lens of extensive cybersecurity background in defense.
Cybersecurity must haves
As for the must haves, Darcy maintains it’s important for an organization to define a clear, strategic vision and to empower technology organizations and their partners to build a plan that aligns with that strategy and defends it. Ultimately, everything a security organization does should align to that strategy, so the vision is executed every day. Leaders have an important role in defining the vision and ensuring the execution.
Patients need to trust and have reasonable assurance that healthcare technology is going to keep their data safe and private. And at the same time, physicians need to know data is reliable, secure, and resilient. For healthcare’s cybersecurity teams this means making a malicious act on their organization so cost prohibitive that they move on to find a softer target.
Threat intelligence is an important factor in determining cybersecurity strategy, and a lot of general threat intelligence information today lacks the perspective of your organization’s attractiveness to malicious actors. Healthcare organizations need to be able to provide context to their threat intelligence thread and then draw a line to where it should be incorporated into your defense strategy. Reactive network defense strategies focus on fortifications, and boundaries and react in similar fashion to all of the detected threats. That's not only an expensive proposition, it's exhausting, and it just might not even be as effective as an informed defense posture with context of the threats.
A fundamental shift in focus for cybersecurity
In fact, according to Darcy, a fundamental shift is needed from hyper focus on managing governance, risk, and compliance (GRC) duties to an organized common operational picture that integrates everything into a concerted operational view to defend against persistent, sophisticated, competent criminal enterprise.
To that end, these are three areas to consider:
AI considerations leaders may overlook
AI has made some incredible advances in expanding the effectiveness of primary care providers, streamlining access to care, and helping to address burnout. It’s time, if you haven’t, to embrace the change AI brings. The biggest risk AI poses to an organization is when there’s a lack of understanding about how the technology works. Consider these:
In cybersecurity, we always try to balance the equities of the operational needs against things like data quality, privacy, security, and ethics. As we try to balance all those equities, we can’t have a denial of service internally because our policies are so strict that nobody can do anything. But at the same time, we must do our best to protect the very important things that we are charged with protecting.
Get started with a cybersecurity assessment for your organization.
For more on Cybersecurity Advisory Services, check out these resources.
Hear perspectives from other healthcare leaders on The CereCore Podcast:
Kim Waters, Principal Consultant of Revenue Cycle at CereCore
ListenBob Gronberg, Assistant Vice President of MEDITECH Professional Services; John Walsh, Manager of MEDITECH Professional Services; and Stephanie Murray, Senior Director of Epic Services at CereCore
ListenIsmelda Garza, CIO at Cuero Regional Hospital and Senior Consultant at CereCore
ListenShahzad Fakhar, Vice President Field Operations – Information Technology Group at HCA Healthcare
ListenDr. Charles Bell, Physician Advisor at CereCore
ListenLynn Falcone, Chief Executive Officer at Cuero Regional Hospital
ListenCory Lane, Director of Operations at OakLeaf Surgical Hospital
ListenMatt Connor, Chief Information Officer at Liverpool Women's NHS Foundation Trust
ListenAnne Hargrave-Thomas, Chief Executive Officer at OakLeaf Surgical Hospital and Vice President of Operations at Surgery Partners
ListenKevin McDonald, Chief Information Officer at HCA Healthcare’s South Atlantic division
ListenAl Smith, Senior Vice President and Chief Information Officer at Lifepoint Health
ListenRichard “Rick” Keller, Senior Vice President and Chief Information Officer at Ardent Health Services
ListenL. Austin Fredrickson, MD, Board Certified, General Internist at Salem Regional Medical Center
ListenThomas Kurtz, Ph.D., Chief Administrative Officer at Memorial Healthcare
ListenVarun Gadhok, Chief Information Officer at Surgery Partners
ListenDon't miss an episode of insights from healthcare IT leaders and experts. Subscribe to the podcast on Spotify or Google Play. Share what you've learned with your network, too.
CereCore® provides IT services that make it easier for you to
CereCore® provides IT services that make it easier for you to
A highly customized EHR in need of costly updates challenged the new CIO at Oklahoma Heart Hospital to evaluate the technology stack he inherited and chart a new course at this award-winning...
Nayan Patel, chief information officer at Upson Regional Medical Center, sat down with Phil Sobol, chief commercial officer and host of The CereCore Podcast, and shared how he has fine-tuned an...
“Early detection of disease is a way of both curing patients and delivering better healthcare, but also scaling our physicians,” said Ajai Sehgal, Chief Data and Analytics Officer at Mayo Clinic, in...
Let us know how we can support your initiatives and take some of the heavy lifting from healthcare IT.
© All Rights Reserved CereCore Terms of Service California Notice at Collection Privacy Policy Responsible Disclosure