Navigating Healthcare Security In A Changing Landscape

1. The Chapters Health Carecentrium Environment Recently Earned Certified Status For Information Security By Hitrust. Tell Us What This Means To You And Your Team.

a. We are all very proud of obtaining this certification. Achieving this was a collaborative effort between the security team and numerous other groups across the organization, finally crossing the finish line was a huge relief. It reflects our organizations dedication to building a robust and reliable security program to protect the information of our patients and employees.

2. In Your Opinion, What Are Some Of The Biggest Threats To Healthcare Security Today?

a. In the healthcare sector, unfortunately I expect Ransomware to continue its trend of being a major threat. It can wreak havoc on an organization’s reputation, finances, and operational capabilities. And if that wasn’t enough, in healthcare it typically adds a data breach notification along with it. Additionally, phishing and malware will continue to be problematic across the board for all industries.

3. Healthcare Security Is Always Changing. As The Threat Landscape Changes, So Must The Measures That Guard Against Them. How Do You See Companies, Like Chapters Health, Changing To Meet New Threats?

a. As we worked to mature our security program, flexibility was a key component of that process. The threat landscape will continue to change, and we need to be able to adapt to those changes. One example of that was a change in how we purchase/implement certain security related services.

There has been a shift away from long term, locked in contracts, to shorter engagements with providers to allow for flexibility should that landscape change.

4. What Are Some Of The Biggest Trends You’re Noticing In Information Security Today?

a. There are a lot of buzz words and acronyms for various technologies out there and depending on which vendors you engage with, your view of what is the top trends today will be change. But what I’ve seen from engaging with my peers is an effort to do more with less. With many predicting the onset of a recession in 2023, there has been a lot of talk around optimizing spending and existing tools. I expect there will be a focus around existing budget spend and ensure it is properly implemented and that it is providing value or the expected risk mitigations.

5. Federal Guidelines And Regulations Play A Critical Part In How Companies Change To Protect Sensitive Information. How Has Chapters Health Changed To Meet Those Guidelines?

a. Ensuring that Chapters Health meets these various guidelines and regulations is a top priority. The efforts our team put in to meet HITRUST requirements, also allowed us to build a program where we can readily track, document, and validate we meet other requirements as needed. With protection of the organization’s sensitive data a critical part of that, we ensure the controls we have in place to ensure compliance with these requirements are met, monitored, and matured.

6. As A Ciso, What Do You Consider When Measuring Risk? How Do You Identify The Areas That Need Fixing?

a. The short answer is communication,engage with the business. When measuring risk, we are constantly looking at the needs of the business to confirm our focus is where it is needed. Engaging with leadership and other stakeholders allows us to gather the information we need to make these decisions and helps us in identifying areas that make need additional attention.