As the chief information officer of Palomar Health, the largest healthcare district in California, I believe it is crucial to strike a balance between technology, cybersecurity, and business needs. Historically, healthcare organizations are known for their focus on technology and innovation. However, the proliferation of electronic health records, the interconnectivity of medical devices and the rise of telehealth has made healthcare systems more vulnerable to cyberattacks. According to a recent study, 89% of healthcare organizations reported around 43 cyberattacks per year, almost one attack a week. Cyber criminals will continue to target healthcare systems more frequently, and the resulting breaches have significant consequences, including loss of sensitive patient data, reputational damage, and operational disruptions.
My challenge every day is to keep up with healthcare needs while making sure patient data is kept safe. As healthcare IT executives, we recognize the importance of cybersecurity, but the challenges of security are not always understood by other leaders. Too often, business executives focus solely on business needs, without fully understanding the risks and threats that come with implementing new technologies. This can result in a situation where security is an afterthought, and the organization is left vulnerable to attack.
A big part of our role as IT leaders is to engage other executives in our organization to raise awareness of the importance of cybersecurity. I have found many executives are not aware of the risks and threats facing healthcare organizations today, or of the potential impact of a security breach. To address this, I have made a concerted effort to engage other executives in conversations about cybersecurity, to provide training and education, and to involve them in our cybersecurity strategy development.
Palomar Health is one of the few hospitals I know of that has created in-depth cybersecurity playbooks not just for the IT department, but for each business owner. I have found that engaging other executives in this way has been crucial in shifting our organization’s culture towards prioritizing cybersecurity. It was not uncommon for IT departments to be left out of the loop when it comes to business technology contracts until it is too late. I have championed IT involvement in the contract selection process from the beginning. Our IT department must review the functionality of the new technology and assess its compatibility with existing systems. They can also identify potential security risks and work with the vendor to address them before the technology is implemented. This vetting process also allows for more timely incident response.
By involving other executives in our cybersecurity strategy development, they have gained a deeper understanding of the risks and threats facing our organization and have become more invested in our security programs. They are now more likely to support and advocate for cybersecurity initiatives, and to ensure that their teams are following our security policies and procedures. I encourage other healthcare organizations to follow our example and prioritize cybersecurity in their own organizations.