8 Insights for Aligning Cybersecurity with the Culture of Healthcare


Healthcare systems and hospitals are in the business of saving lives. As such, their budgets prioritize staff, programs and equipment that are directly related to that goal. Consequently, cybersecurity tends to rank much further down on the long list of competing demands.

Yet that may be beginning to change. Instead of using the fear of threats and adversaries to make the case to prioritize cybersecurity in healthcare, some creative problem solvers are nesting security goals with healthcare priorities.

It’s an intriguing notion, so we set out to look for statements and viewpoints by healthcare security professionals along these lines in the public domain. What we found follows below.

1) Align cybersecurity with patient safety

The healthcare community has underinvested in cybersecurity for a long time. A long list of high-profile and costly security incidents in healthcare hasn’t persuaded the top brass to invest more either. To make the case, security pros working in healthcare may do well to tap into the culture.

“Cybersecurity is, like it or not, a primary component of patient safety now. Forget confidentiality breaches. That battle is already lost several times over, the new battle lines are over availability – resiliency to withstand an attack – and the integrity of health data.”


“To beef up your security program, you have to solve the human behavior problem. That means turning the culture upside down and thinking about security as aggressively as many hospitals focus on handwashing. That same effort has to be there for every employee.”

Sources: Richard Staynings, chief security strategist, Cyber Associates, and a HIMSS Cybersecurity Committee member; and David Chou, VP and principal analyst, Constellation Research; Why information security should be every hospital CEO’s No. 2 priority (at least right now) by Tom Sullivan in Healthcare IT News.

2) System patches and updates are like preventative medicine

One of the most predominant cybersecurity terms recognized in the consumer lexicon is the word “virus.” It’s an analogy that could help the healthcare community understand the relationship between patient safety and cybersecurity:

“When a caregiver gives care, they must be current on flu shots and vaccines. It’s not an option. It’s a condition of employment. It means that the caregiver is protected to the best ability that we can. In the cyber world, it’s the same. Your networks, laptops and servers, how are you protecting them?”

Source: Karl West, CISO, Intermountain Healthcare; Intermountain CISO West: Cybersecurity for revenue cycle should be a KPI by Beth Jones Sanborn in Healthcare Finance.

3) The changing role of the CISO in healthcare

The role of the CISO has evolved over time. It now includes business skills, particularly the ability to translate the effects of technology into the language of business so the C-suite and board of directors can understand. One CISO in healthcare categorizes the role into three areas – technical skills, focus (prevention and detection), and business communications.

Technical skills:

“It’s important to have a solid technical background but as recent years have shown, having a strategic, balanced approach to security is extremely important. It is critical to understand your organization’s threat landscape.”

Prevention and detection:

“Cyber threats in healthcare are real and spending your time focusing on how to prevent as well as detect [them] is critical. While I spend a large portion of my time working through our risk management processes and the associated projects, it is also extremely important to focus on strategy.”

Business communications:

“Understanding the impact of security to healthcare providers as well as patient care is significant if you want to get engagement at all levels. I spend a lot of time taking very technical security controls and metrics and turning them into meaningful business analytics that can be discussed and balanced with business need, cost, risk appetite, etc.”

Source: Sheryl Rose, CISO and senior vice president, Catholic Health Initiatives; Why Catholic Health Initiatives’ CISO says awareness training is pivotal in hospital cybersecurity by Jackie Drees in Becker’s Health IT & CIO Report.

>>> Read the five remaining insights here: Aligning Security with Patient Safety: 8 Insights for Healthcare Cybersecurity by Healthcare Cybersecurity Pros

About Bricata
Bricata is a cybersecurity solutions provider that combines a powerful network threat hunting platform into a comprehensive threat detection and prevention solution to help determine the true scope and severity of threats. Bricata simplifies network threat hunting by identifying hidden threats using specifically designed hunting workflows that use detailed metadata provided clearly, and eases your transition from the known to unknown malicious activities, in conjunction with an advanced threat detection and prevention platform which detects zero-day malware conviction.
