Health system cybersecurity leaders told Becker’s they build strong teams by prioritizing diverse backgrounds and skill sets and spreading a security-first mindset across their organizations.
Several health system cybersecurity officers were recently named to the C100 list, from executive community CISOs Connect, as top information security leaders. Becker’s reached out to those executives about how they cultivate strong cybersecurity departments in a time of IT staffing strains.
“By leveraging the unique perspectives and expertise of both newer team members and seasoned information security professionals, we are better equipped to address the array of digital risks we face,” said Jack Kufahl, chief information security officer of Ann Arbor-based Michigan Medicine. “Collaboration and inclusivity ensure that every voice contributes to our collective decision-making and enhances our ability to protect the vital systems and data we uphold.”
Oceanside, N.Y.-based Mount Sinai South Nassau has fostered an atmosphere of cybersecurity that extends well beyond the IT department, according to Christopher Frenz, assistant vice president of IT security.
“Everyone in the organization recognizes they are part of the cybersecurity team whether they have ‘security’ in their job title or not,” Mr. Frenz said. “This kind of culture has allowed cybersecurity to be viewed as an essential component of patient safety and service excellence rather than just a box that needs to be checked.”
In turn, New York City-based Mount Sinai Health System has become one of the first health systems to expand the definition of cybersecurity risk to include patient safety and quality and has been at the forefront of including patient safety impact in its cybersecurity incident response guidelines, Mr. Frenz said.
“We strive to avoid being perceived as the department of ‘no’ but rather ‘how,'” said Steven Ramirez, vice president and chief information security and technology officer of Reno, Nev.-based Renown Health. “Transparency, partnership and collaboration are essential to building the cybersecurity culture in the organization. Having a strong cyber culture helps drive cybersecurity maturity, support and funding.”
