CISOs Say The Need For Resiliency Remains

March 14, 2022
In a March 14 Leadership Panel at HIMSS22, cybersecurity leaders urged organizations to focus on resiliency, as they did in 2021, and gave tips for CISOs getting a seat at the table

On March 14, at HIMSS22 in Orlando, Fla., as part of the Healthcare Cybersecurity Forum, a Leadership Panel titled “CISO State of Mind” focused on what to expect in the industry during these turbulent times. The panel featured speakers Erik Decker, CISO at Intermountain Healthcare; Anahi Santiago, CISO at ChristianaCare; and Vugar Zeynalov, CISO at the Cleveland Clinic. The panel was moderated by Daimon Geopfert, principle of cyber, risks & regulation implementation & operations, PwC.

Geopfert kicked off the panel by asking the speakers, “What’s keeping you up at night?” Zeynalov said that he sleeps like a baby, “waking up every two hours to cry.” He then seriously commented that building resiliency and agility keep him up along with three other areas. “How do we do business to keep up with constantly changing and, often, competing priorities?” he adds. “The second thing is enabling the organization to grow both physically and digitally. And the third area is attracting top talent.”

Decker added that “Selling and evangelizing cybersecurity is a way of the past.” He went on to say that the demands and competing priorities are akin to a car needing to drive faster and, therefore, needing better brakes. When it comes to cybersecurity, when an organization wants to push through better innovation, it needs better cybersecurity.

Santiago said that “We're focused on really pushing out how we deliver care through virtual means. We’re doing things that really haven't been done traditionally across the industry from a security perspective and we’re figuring out how we can still fulfill our mission of protecting data—protecting technology that is no longer running on our network but instead in somebody else's house. And that doesn't absolve us of having to do the same things that we do when things are on our network.”

Geopfert then asked the speakers about how CISOs can earn a seat at the table. Decker immediately jumps in and says that “Before you can become a business leader, you have to be trusted, if not, good luck.” He added that the entire healthcare system in the U.S. is being run on digital platforms and the platforms need to be up and functioning to achieve volumes and clinical outcomes. Cybersecurity needs to rally around resiliency and patient safety as the key issues to discuss with those at the table.

Zeynalov commented, “Trust is the key to foundation, and trust means two things—right intentions and right heart and competency in delivering those intentions. The key of earing a seat at the able is trust, people don’t care what you have to say until they see you care. When dealing with clinicians, this means going out there and being there.” He added that in his role he went through all of his facilities and built trust. “Try to speak their language,” he said. “Healthcare professionals don’t speak the language of business or risk management, but they do understand liability and safety, which cybersecurity relates to very well. Try to take the training and reword it and build it into quality training and it will earn a lot of trust.”

When the panel opened up the floor for audience questions, Geopfert mentioned that many people had questions about mergers and acquisitions (M&A) and cybersecurity posture that is already there, or perhaps, is not.

Santiago said that “It goes back to building strong partnerships with your business and stakeholders.” She explained that they understand that at the end of the day when you look M&A, due diligence up front is very important—seeing cyber as its own workstream and doing due diligence on technology having its own path is key. She concluded that you should prepare to engage in an in-depth dialogue with stakeholders.

Last year, this editor reported that resiliency was also a major theme at HIMSS21 in Las Vegas. 

Sponsored Recommendations

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...

Spotlight on Artificial Intelligence

Unlock the potential of AI in our latest series. Discover how AI is revolutionizing clinical decision support, improving workflow efficiency, and transforming medical documentation...

Beyond the VPN: Zero Trust Access for a Healthcare Hybrid Work Environment

This whitepaper explores how a cloud-enabled zero trust architecture ensures secure, least privileged access to applications, meeting regulatory requirements and enhancing user...

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...