HEALTHCARE SECURITY FORUM: A HIMSS EVENT
Boston, MA - September 11 - 13, 2017
By Michael Figueroa, CISSP
Michael Figueroa, CISSP, serves as Executive Director of the Advanced Cyber Security Center (ACSC) in Boston. Figueroa, a featured speaker at the Healthcare Security Forum on Sept. 12, shared his insights about the current state of cybersecurity in the health sector.
Get involved. Join us for our #HITsecurity Twitter chat on Aug. 24, 2 p.m. Central Time to discuss your cybersecurity insights and connect with other industry experts.
The ACSC is committed to helping all New England organizations improve their cybersecurity posture. One of the first words of advice for small and rural healthcare providers is you are not alone. As cybersecurity threats increase in frequency, it’s more important than ever before to maintain a persistent security collaboration to build a stronger community defense. Even if you are in Springfield or Stockbridge, MA, you can still take advantage of the insights and policies developed by your larger, urban counterparts.
Beyond collaboration, healthcare providers will improve security by applying stronger business-oriented practices to how they conduct security. Those include:
Recruiting and retaining qualified cybersecurity personnel is a challenge across all sectors. While the common belief is security practitioners quickly jump from job to job for higher salaries, we found that candidates are still attracted to soft benefits. Unlike people in other professions, security practitioners constantly face adverse conditions, making them more prone to negative satisfaction. Organizations that counteract the opposing factors with strong positive influences will do best in keeping talented people engaged. One key strategy is to give security staff the freedom to explore the problem spaces with limited oversight. Appealing to the puzzle solving personality innate to many security professionals will give them the sense they are valued for what they are able to solve versus what they are able to detect. Another is to allow security practitioners to collaborate with those in other organizations openly. To overcome the organizational perception that sharing security failures may open it up to reputational risk, ACSC requires members to sign a legal participation agreement that provides blanket non-disclosure over all member information sharing.
At the ACSC, we are conducting a number of activities to help, such as conducting research on how workforce demand is changing over time, implementing sponsored internships that provide students with real-world cybersecurity experience before they graduate, and collaborating with New England academic institutions to develop effective cybersecurity curriculums. We are working to expand the New England cybersecurity talent pool and provide the care-and-feeding necessary to retain it locally.Find out how other industry leaders are creating proactive cybersecurity cultures at the Healthcare Security Forum in September.