HIMSS23: Cybersecurity now a strategic imperative, experts say
Jeff Lagasse
Left to right: Moderator Angela Rivera, Bill Hudson and Sonney Sapra discuss cybersecurity at the HIMSS23 global conference in Chicago on Tuesday.
Photo: Jeff Lagasse/Healthcare Finance News
CHICAGO – Healthcare is constantly being flooded with new digital products and services, and while many are necessary and/or beneficial, they also bring significant risk. Organizations continue to increase their cybersecurity budgets, but many organizational leaders are still coming up to speed on how critical cybersecurity is to achieving key goals and initiatives.
To drive home how important cybersecurity has become, Sonney Sapra, senior vice president and chief information officer at Samaritan Health Services, said chief information security officers (CISOs) should have a seat at the executive table.
"Anything we do has to have the CISO at the table, because everything you do has to have a security assessment," said Sapra. "You've got to have that person at the table. You want to make sure you're taking as much risk out of the organization as possible."
Sapra and Bill Hudson, chief information officer for Integris Health, told an audience at the HIMSS23 global conference in Chicago on Tuesday that this shift in importance has taken hold in the past five to 10 years in particular.
"The key to getting CISOs to the table is… to be able to tell the organization what the risk is," said Hudson, "and being able to shift the conversation to, 'Hey you want to do this? This is what it means in business and operational terms.'"
The COVID-19 pandemic highlighted this need in a serious way, with industry stakeholders trying to find telehealth solutions at the speed of light. They found the solutions, said Sapra, but they found too many of them, and didn't think about the security side of things.
"They brought the CISO to the table a little late," said Sapra. "The information security landscape… is being treated like emergency management. They get pulled on when we're talking about really disastrous outcomes. But it's got to be looked at a little bit differently. We've now got a portfolio management system in place where everything comes through it, and security is there to do the assessment right off the bat."
He added that C-suites need to push their health systems to think holistically. His organization goes through a mock cybersecurity attack each year as an exercise, and that's been an effective means of keeping everyone on their toes.
For Hudson, it's about spreading the word.
"Part of the conversation we're having is education," he said. "Education is a primary function. While we do provide, in our organization, a report to the board on a quarterly basis on the cybersecurity program… the board gets a lot of data about what we're doing in general. You need to think holistically."