Data breaches could cost the healthcare industry upwards of $6 billion each year, yet many executive teams leave security low on the priority list.
At the Becker's Hospital Review 6th Annual Meeting, Mac McMillan FHIMSS, CISM, chairman, CEO and co-founder of CynergisTek, discussed how the selection of the right chief information security officer can help mitigate healthcare organizations' vulnerability to security threats. "Healthcare must think and act differently when it comes to data security and privacy," said Mr. McMillan.
Before a healthcare organization, hospital, health system or otherwise, can rely on a CISO, it must embrace a culture of security. "We need to get away from this culture of compliance. Compliance doesn't make you secure," said Mr. McMillan. Leadership needs to:
• Find the right people to address the problem
• Empower the CISO and make the role visible throughout the organization
• Form a security strategy that starts with executive leadership
• Build a strong security framework
When a healthcare organization has done these things, a strong CISO can make a difference. But, the CISO role is often filled by someone simply interested in the job, rather than by someone truly qualified. "All too often, the security officer is someone just interested in the job, not necessarily someone who actually understands what they are dealing with," said Mr. McMillan. The qualities and skills of an effective CISO include, but are not limited:
• Leadership
• Business acumen
• Ability to manage risk
• Willingness to be a team player
• Forethought
• Political savvy
• Knowledge of privacy and security