Awareness is Key: Educating Executives on Cybersecurity Risks in Healthcare | By Anis Trabelsi

Share

As the Chief Information Officer of Palomar Health, the largest healthcare district in California, I believe it is crucial to strike a balance between technology, cybersecurity and business needs. Historically, healthcare organizations are known for their focus on technology and innovation. However, the proliferation of electronic health records, the interconnectivity of medical devices and the rise of telehealth has made healthcare systems more vulnerable to cyber-attacks. According to a recent study, 89% of healthcare organizations reported around 43 cyber-attacks per year, almost one attack a
week. Cyber criminals will continue to target healthcare systems more frequently, and the resulting breaches have significant consequences, including loss of sensitive patient data, reputational damage and operational disruptions.

My challenge every day is to keep up with healthcare needs while making sure patient data is kept safe. As healthcare IT executives, we recognize the importance of cybersecurity, but the challenges of security are not always understood by other leaders. Too often, business executives focus solely on business needs, without fully understanding the risks and threats that come with implementing new technologies. This can result in a situation where security is an afterthought, and the organization is left vulnerable to attack.
A big part of our role as IT leaders is to engage other executives in our organization to raise awareness of the importance of cybersecurity. I have found that many executives are not aware of the risks and threats facing healthcare organizations today, or of the potential impact of a security breach. To address this, I have made a concerted effort to engage other executives in conversations about cybersecurity, to provide training and education, and to involve them in our cybersecurity strategy development.

Palomar Health is one of the few hospitals I know of who has created in-depth cybersecurity playbooks not just for the IT department, but for each business owner. I have found that engaging other executives in this way has been crucial in shifting our organization’s culture towards prioritizing cybersecurity. It was not uncommon for IT departments to be left out of the loop when it comes to business technology contracts until it is too late. I have championed IT involvement in the contract selection process from the beginning. Our IT department must review the functionality of the new technology and assess its compatibility with existing systems. They can also identify potential security risks and work with the vendor to address them before the technology is implemented. This vetting process also allows for more timely incident response.

By involving other executives in our cybersecurity strategy development, they have gained a deeper understanding of the risks and threats facing our organization and have become more invested in our security programs. They are now more likely to support and advocate for cybersecurity initiatives, and to ensure that their teams are following our security policies and procedures. I encourage other healthcare organizations to follow our example and prioritize cybersecurity in their own organizations.

 

Editor’s Note: Anis Trabelsi has an extensive background in security and has been instrumental in leading the Palomar Health security team since 2016. As the former Chief Security Officer and current Chief Information Officer, he leads the IT Department, Cybersecurity Office, and physical security functions to align key processes with regulatory compliance and with the vision, goals, and objectives of Palomar Health. He maintains strong working relationships with local, state, and federal law enforcement agencies across the state and country that are fundamental to our ongoing safety.

Prior to joining Palomar Health, Anis retired as a decorated law enforcement officer with exceptional experience and knowledge in the principles and techniques of policing and public safety. He served honorably in the United States Marine Corps and is a veteran of Operation Enduring Freedom. Anis holds a Master’s Degree in Management from the University of Redlands and a Bachelor’s Degree in Criminal Justice from the University of Phoenix.

Read more