HEALTHCARE SECURITY FORUM: A HIMSS EVENT
San Francisco, CA - June 11 - 12, 2018
Richard Staynings is a renowned thought leader, author, public speaker and evangelist for improved cybersecurity across the healthcare and life-sciences industry. He currently serves as a member of the HIMSS Privacy and Cybersecurity Committee and is SVP Chief Security and Trust Officer at Clearwater Compliance.
CIO, CISO, CRO, CTO, partner and principal are some of the titles Richard has held or continues to hold. With more than 25 years’ experience of both cybersecurity leadership and client consulting Richard has lived in more than 30 countries and delivered innovative solutions to organizations in all of them. Working in both an executive leadership and consulting capacity, Richard has sat on both sides of the advisory table and can appreciate views through both conceptual lenses.
Richard has assisted in the success of innovative start-ups, to many of the world’s most successful public companies. Some of his more notable successes include work for: Amgen, Children’s National and Children’s Hospital of Philadelphia, Intermountain Healthcare, and PeaceHealth to name a few.
After spending many years based out of the UK, Australia and various parts of Asia, Richard now resides in the shadows of the Rocky Mountains in Boulder, Colorado. Although he doesn’t get to spend a lot of time at home, Richard is active in his local community and serves on several Boards in a pro-bono capacity.
‘Security is an industry where we are continually developing new solutions without understanding the problem we are trying to fix’.
This session discusses the adoption of new and emerging tools and approaches to secure healthcare data and IT system availability. Tools like NGFW, micro-segmentation, biometrics and MFA, blockchain, big data analytics, machine learning and AI. Tools that boost automation, protection, visibility, and intelligence, leading to improved threat detection, and containment of inevitable attacks.
As with all new tools there’s a temptation to chase after the latest ‘shiny object’, but we need to adopt a risk-based approach to fully understand the enterprise business risks, threats and vulnerabilities that a shiny object or new tool will address. Security leaders need to fully understand the costs, benefits and drawbacks before purchase and adoption, along with how quickly, easily or difficult each tool can be integrated into the existing infrastructure. Furthermore, they need to be able to articulate and defend exactly what business risk gaps, each tool will address, what business benefits it will provide to the organization and what legacy tools it will retire.
As security leaders, we need to work smarter, not harder, and with an average 65 disparate security vendors in each U.S. hospital, we need to consolidate to a smaller, leaner and more manageable toolbox.