TRENDING:

Governance & Risk Management , Healthcare , Industry Specific

Why Healthcare Needs to Shift Its Cybersecurity Focus

Mac McMillan, CEO Emeritus of CynergisTek, on Addressing Risk Marianne Kolbasuk McGee (HealthInfoSec) • September 16, 2019     10 Minutes   
Why Healthcare Needs to Shift Its Cybersecurity Focus
Mac McMillan, co-founder and CEO emeritus, CynergisTek

Despite progress in improving cybersecurity, the healthcare sector still needs to change its focus from compliance to risk, says Mac McMillan, co-founder and CEO emeritus of security consulting firm CynergisTek.

"We need to stop talking about compliance ... and grades. We need to talk about threats and risk - and about how what we're doing is addressing the risk to the organization's ... systems, data and patients," McMillan says in an interview with Information Security Media Group.

"The threat profile we have today - the risks to patients, data, operations, intellectual property, research - and even the risk to national security with a lot of the information in healthcare - is at an all-time high," he says. "We need to have leadership in hospitals talking about cybersecurity and cyber risk and threats."

Executives must develop a far better understanding of cyberthreats and the risks they pose so that they can "start making better decisions with respect to security investments - and start to understand truly what it will take to be effective at protecting what we do in this industry that's so critically important to our society," he says.

In the interview (see audio link below photo), McMillan also discusses:

  • Mentoring the next generation of potential cybersecurity professionals and his top advice to healthcare CISOs;
  • How the cybersecurity postures of the healthcare and government sectors compare;
  • His recent retirement as CEO of the security consulting firm and his current projects.

McMillan is co-founder, board member and CEO emeritus of CynergisTek Inc., an Austin, Texas-based firm specializing in information security and regulatory compliance in healthcare, financial services and other industries. He has about 40 years of security and risk management experience, including 20 years at the Department of Defense and its Defense Threat Reduction Agency. He is also former chair of the Healthcare Information and Management Systems Society's privacy and security task force.

Previous
For Sale: Admin Access Credentials to Healthcare Systems
Next
Mainframe Security Challenges: An Encroaching Perimeter



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.