
Healthcare CISOs reflect on their biggest wins of 2024

One CISO tells IT Brew that his biggest achievement was revamping how his organization approaches security.

Anna Kim


We’re all about celebrating the small victories at IT Brew, and this week we asked healthcare CISOs about something near and dear to their heart: their biggest wins of 2024.

This year was one to remember for the healthcare industry, and not for good reasons. Less than two months into the year, Change Healthcare, one of the largest health payment processing companies in the world, experienced a ransomware attack that compromised the information of around 100 million Americans. Meanwhile, the infamous CrowdStrike outage in July disrupted the services of hospitals and health systems across the country.

Still, many CISOs were able to roll with the punches and maneuver their organization through the year’s major events smoothly, while juggling day-to-day operations. IT Brew caught up with four CISOs across the healthcare industry to learn what they considered their greatest accomplishment of the year.

The remarks below have been edited for length and clarity.

For Mike Levin, CISO at Solera Health, an Arizona-based healthtech startup, it was reframing how his company views security: Security in a lot of organizations…is treated as a compliance requirement. It’s a thing that you have to do to get past the auditors, or “win the audit”…Here at Solera, we’re focusing upon treating security as something that is an increased value to all of our customers, members, and the payers that we work with.

Bruce Forman, CISO of UMass Memorial Health, told IT Brew his biggest feat was leveraging the year’s events to improve his organization’s security culture and awareness: The biggest thing that came out of that has been the need to improve upon business continuity planning capabilities…We identified…what we needed to build upon. That awareness allowed us then to bring in some outside help to do business impact assessment across the organization to identify that this needs to be an enterprise function as opposed to something that was largely siloed within individual organizations or individual hospitals. Coming out of that, we’re going to be a lot more capable of addressing incidents and issues that are sure to occur in the future.


For Michael LaLena, CISO at Carestream Health, a global medical imaging technologies company, it was landing several supplier agreements with large hospital chains and group purchasing organizations thanks in part to the company’s reputation for secure medical devices: We’ve won several sole [and] dual supplier agreements worth millions of dollars each…You cannot win a deal with a large hospital chain and integrated delivery network anymore if your security is not up to snuff. You will not make the cut.

Nandy Vaisman, VP of operations and CISO at Vim, a middleware platform, told IT Brew one of his greatest accomplishments of the year was getting a second patent approved for a security feature that has been integrated into Vim’s products: We developed more secure methods of authenticating and authorizing customers and enabling them to access the data while removing some of the friction…It was a huge moment in the company’s history because we developed something that’s very secure and it allowed us to scale really quick, so that was a double win.
