SecurityWeek

CISO Strategy

How the Best CISOs Drive Operational Resilience

Cyberattacks have exposed a myriad of vulnerabilities in our healthcare infrastructure, and will continue to do so as new and innovative medical technologies are developed.

The last three years have been fueled by turbulent change — especially when it comes to an organization’s tech structure. The unanticipated global pandemic drastically accelerated digital transformation (DX) and a borderless workforce, forcing businesses to fast-track projects they had previously scheduled to take years. Those years-long projects began to be completed in a matter of months, or even weeks, and propelled the industry forward momentously, but they also highlighted that cybersecurity must be interwoven in the fabric of those transformations to build operational resilience.

During this time, cybersecurity transformed into a competitive advantage for organizations, not just a cost center — leading many boards of directors to start paying closer attention to security investments and metrics, and prioritizing results. The unforeseen circumstances of the pandemic, accelerated DX, and flexible work — coupled with geopolitical conflict in Ukraine — prove that CISOs not only need to protect against the increasingly sophisticated attacks of cybercriminals, but also need to match the speed of innovation with the right security measures. During this transformational period, I have observed that the most agile companies keep cyber resilience top of mind, and the best CISOs in our industry also act as Chief Resilience Officers, putting cyber investments and protections to work to defend their business operations.

Recent events have caused cyberspace to become increasingly hostile, and perhaps no other industry was affected more harshly than healthcare. For healthcare delivery organizations (HDOs), there are no higher stakes when it comes to delivering patient care safely and securely. That’s because ransomware attacks on hospitals are not just white-collar crimes with economic effects — these incidents are classified as threat-to-life crimes, as they can hinder an HDO’s ability to provide patient care, and can even result in the loss of human life.

According to a recent study by Cynerio (PDF), 56% of hospital security leaders say their organization experienced one or more cyberattacks in the past 24 months involving Internet of Medical Things (IoMT) devices. Forty-five percent report adverse impacts on patient care from these attacks, and 53% of those (24% in total) report adverse impacts resulting in increased mortality rates. As we now know, cybersecurity in healthcare is patient safety, and goes beyond just data breaches.

Now, how do the best CISOs drive operational resilience in healthcare delivery organizations?

  1. Identify and Apply: Implement more stringent security controls to medical devices and the components needed to operate those systems. The reality is that in many healthcare settings, IT, IoT and IoMT devices have converged on one network and lack differentiating controls. By identifying assets in the healthcare environment and classifying them, and by applying virtual segmentation and other security controls, CISOs can build resiliency into their highly critical operations.
  2. Prioritize and Address Gaps: Systematically prioritizing and addressing gaps is key in implementing good governance and effective risk mitigation. The best CISOs establish a “single source of truth” for their environment to bridge operational disconnects and divides. This single system of record can provide visibility into clinical networks and allow stakeholders to make effective decisions that will improve their organization’s operations and care.
  3. Eliminate Silos: When organizational silos are created, they cause individual teams to lose sight of common goals, which can lead to massive inefficiencies and risks. In the case of HDOs, these silos can impact the safety of operations and care. For example, if there are blind spots in an organization’s cyber-defense strategy, an IT team may unknowingly block communications to a critical medical device or bring down the device to apply patches at the wrong time resulting in dire consequences. To combat this, CISOs should implement a “protect to enable” strategy that fuses IT/security, BioMed, and business outcomes.
  4. Adopt a Holistic Approach: It is important for CISOs to think of hospital operations holistically, and to understand that although medical devices are critical, so are the other building management systems (BMS) in the environment. From security cameras and physical access controls to HVAC systems, lighting, elevators, and fire alarm systems, BMS are critical cyber-physical systems that are trusted by millions daily to keep hospitals running. When these systems fail, delivering care becomes more difficult, and patient outcomes can suffer. By taking a holistic approach, HDOs can enhance visibility across their ecosystem and ensure more effective and efficient vulnerability management.
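The four strategies above describe a workflow: inventory and classify every IT, IoT, IoMT and BMS asset, derive segmentation controls from that classification, keep the result in one system of record, and rank the gaps it exposes. The following is an added example, not code from the column or from Claroty, that sketches such a "single source of truth" in Python. The device names, zones, severity weights, allowed cross-zone flows and the `in_use` flag are all constructed assumptions for illustration; a real deployment would populate them from discovery tooling and clinical engineering input.

```python
"""Added example (not part of the column): a toy single source of truth for a
hospital network. It classifies assets into zones, turns observed traffic into
segmentation rules, ranks open gaps by patient-safety impact, and checks
whether a device can be disrupted for patching. All data is constructed."""
from dataclasses import dataclass, field

# Assumption: each asset class maps to exactly one network zone.
ZONE_OF = {"IT": "corp", "IoT": "iot", "IoMT": "clinical", "BMS": "facilities"}

# Constructed allow-list of cross-zone flows that clinical operations need.
# Any other flow between different zones is denied by the derived policy.
ALLOWED_ZONE_FLOWS = {
    ("clinical", "corp"),    # e.g. imaging modality sending studies to PACS
    ("facilities", "corp"),  # BMS telemetry to a monitoring server
}

# Constructed severity weights for common findings on converged networks.
GAP_SEVERITY = {"default-creds": 4, "unpatched": 3,
                "unsupported-os": 3, "flat-network": 2}


@dataclass
class Asset:
    name: str
    asset_class: str                          # IT, IoT, IoMT or BMS
    criticality: int                          # 1 (low) .. 5 (life-critical)
    gaps: list = field(default_factory=list)  # open findings by key
    in_use: bool = False                      # currently supporting care

    @property
    def zone(self):
        return ZONE_OF[self.asset_class]


def classify(inventory):
    """Step 1, identify: group asset names by the zone their class implies."""
    zones = {}
    for a in inventory:
        zones.setdefault(a.zone, []).append(a.name)
    return zones


def segmentation_policy(inventory, observed_flows):
    """Step 1, apply: convert observed (src, dst) flows into allow/deny rules.
    Same-zone traffic and allow-listed cross-zone traffic pass; the rest is
    denied so a corporate laptop cannot reach an infusion pump directly."""
    by_name = {a.name: a for a in inventory}
    rules = []
    for src, dst in observed_flows:
        zs, zd = by_name[src].zone, by_name[dst].zone
        verdict = "allow" if zs == zd or (zs, zd) in ALLOWED_ZONE_FLOWS else "deny"
        rules.append((verdict, src, dst))
    return rules


def prioritize_gaps(inventory):
    """Step 2: score = severity * criticality, doubled for IoMT and BMS
    because their failure affects care delivery, not only data."""
    scored = []
    for a in inventory:
        for g in a.gaps:
            score = GAP_SEVERITY.get(g, 1) * a.criticality
            if a.asset_class in ("IoMT", "BMS"):
                score *= 2
            scored.append((score, a.name, g))
    return sorted(scored, reverse=True)


def safe_to_disrupt(asset):
    """Step 3: the check an IT team should run before blocking or patching a
    device, so BioMed and facilities are consulted instead of surprised."""
    if asset.asset_class == "IoMT" and asset.in_use:
        return False, f"{asset.name} is supporting care; coordinate with BioMed"
    if asset.asset_class == "BMS" and asset.criticality >= 4:
        return False, f"{asset.name} is a critical building system; needs facilities sign-off"
    return True, "ok"


# Constructed inventory and observed flows (step 4: IT, IoT, IoMT and BMS together).
INVENTORY = [
    Asset("infusion-pump-07", "IoMT", 5, ["unpatched", "flat-network"], in_use=True),
    Asset("mri-01", "IoMT", 4, ["unsupported-os"]),
    Asset("pacs-server", "IT", 3),
    Asset("lobby-camera-3", "IoT", 1, ["default-creds"]),
    Asset("hvac-controller", "BMS", 4, ["default-creds"]),
    Asset("hr-laptop-12", "IT", 2, ["unpatched"]),
]
FLOWS = [
    ("mri-01", "pacs-server"),
    ("hr-laptop-12", "infusion-pump-07"),
    ("lobby-camera-3", "pacs-server"),
    ("hvac-controller", "pacs-server"),
    ("infusion-pump-07", "mri-01"),
]

if __name__ == "__main__":
    print("zones:", classify(INVENTORY))
    for rule in segmentation_policy(INVENTORY, FLOWS):
        print("rule:", rule)
    for item in prioritize_gaps(INVENTORY):
        print("gap:", item)
    for a in INVENTORY:
        print("disrupt?", a.name, safe_to_disrupt(a))
```

Running it shows the ordering the column argues for: the HVAC controller with default credentials and the in-use infusion pump outrank the unpatched HR laptop, and the laptop-to-pump flow is denied while the MRI-to-PACS flow stays open. The scoring weights are a starting point to be tuned with clinical engineering, not a standard.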

In conjunction with the above strategies implemented by CISOs, several policies are also shaping how organizations approach security for their medical devices. A prime example is the Protect Access to Confidential Healthcare (PATCH) Act, which was included in the recent FY23 appropriations bill and seeks to implement baseline cybersecurity requirements for device manufacturers applying for FDA approval. Additionally, the bill would require plans to monitor, identify, and address post-market vulnerabilities, and would establish a Software Bill of Materials (SBOM) for devices — all of which would help ensure that HDOs’ infrastructure remains safe and secure.

In recent years, cyberattacks have exposed a myriad of vulnerabilities in our healthcare infrastructure, and will continue to do so as new and innovative medical technologies are developed. By implementing the above strategies, and with the development of bipartisan legislation like the PATCH Act, CISOs will be better equipped to drive operational resilience and keep patients safe.

Written By

Galina Antova is the Co-founder and Chief Business Development Officer at Claroty. Prior to that, she was the Global Head of Industrial Security Services at Siemens, overseeing development of its services that protect industrial customers against cyber-attacks. She was also responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services for industrial control systems operators. Previously, Ms. Antova was with IBM Canada, with roles in the Provisioning and Cloud Solutions business. She holds a BS in Computer Science from York University in Toronto, and an MBA from the International Institute of Management and Development (IMD) in Lausanne, Switzerland.
