IT Starts with Security: Lessons from Healthcare Executives


As the healthcare industry environment gets more complicated every day, healthcare CIOs are facing challenges like never before. Between new regulations, changing compliance mandates, security breaches, specialization needs and more, it’s hard for CIOs to maintain operations while also trying to achieve organizational goals. Add on top of this COVID-19, and the list of what keeps healthcare CIOs up at night just continues to grow.

As CIOs continue to try and move their organizations forward, many are realizing the benefits of having technology partners that can help them “Get There”. Recently, Involta and Alert Logic partnered to host a panel discussion where security experts and healthcare industry CIOs worked through solutions to these challenges.


– Jeff Szymanski, Executive Vice President, Business Development, Involta


– Annalea Ilg, Chief Information Security Officer, Involta

– Matt Brown, Principal Security Architect, Involta

– Jack Danahy, Senior Vice President & Chief Evangelist, Alert Logic

– Jason Smith, Vice President, Technology, MediRevv

Top 5 Challenges Healthcare CIOs Face

1. The shift from IT as a driver of optimism and resiliency to being critical to core business initiatives

As a result of COVID-19, there has been an acceleration of security demand as the number of cyber-attacks have risen higher than ever before. IBM reported that 6,000% of the attacks since March have been malware-related, mainly due to the shift to work from home. Resourcefulness was the name of the game when the pandemic first hit, but as we settle in to this new normal, organizations are realizing that it is time to revisit their disaster recovery plans and are quickly realizing that a solid plan hinges on the ability to provide remote procedures and visits, with an added emphasis on end-to-end security. The shift from “nice to have” to “must have” is critical.

2. The need to be nimble while ensuring decisions are made for business longevity

The need to be agile when making decisions precise and quick, while also keeping long-term goals in mind, is essential. To be agile, you need to have context. The more context you have, the easier it will be to know where you are at, focus on key priorities and make sure you have a good foundation to build on. It also allows partners to understand each other better, which enables you to move more quickly.

3. The need for staff and leadership to be adaptable and educated, as threats related to security are changing on a consistent basis

With COVID-19, the remote workforce has grown significantly and more time needs to be spent on user education rather than technology. People think about security issues as being one thing, but that’s not true. The need for staff and leadership to be adaptable is constant as threats related to security are changing on a daily basis. Education is very important because in order to adapt and respond you need to first have visibility. Security has to adapt and you have to adapt with it.

4. The need to resolve problems without any downtime

High-risk and long-term consequences are additional challenges healthcare providers face. Problems must be resolved without downtime, no matter if it’s ransomware or an outage. Patient care must still be at the forefront which means you need to know where your data and risks are in advance, so you can get on top of them and deal with any challenges that arise. How often do you test your business continuity plan? Managed Detection and Response can be a powerful aid tool for healthcare organizations here.

To understand what your IT systems are being used for and how they need to be protected, you have to be thoughtful. Of course, you also need to have a strong business continuity plan and disaster recovery plan, but you need to think and prepare for a “new reality,” which could occur if your small event were to turn into a long-term event. How will you scale and maintain your business during that time?

5. The need to balance increased visibility and threats to an environment that could compromise patient data and ultimately harm reputations

As healthcare providers and companies continue to be on the front-lines of the pandemic, they will also continue to be at the forefront of public relations and the media. Healthcare is personal and if patient information is compromised, the reputation of the organization is on the line with long-term consequences thereafter. You have to know your “risk register” and where your critical data resides, so you can minimize access to it. Security governance cannot be an after-thought.

Creating a security culture within your organization should be on your “must do” list. However, don’t think that you have to go it alone. Bringing a technology expert partner onboard to help you “Get There” can make all the difference, just listen to MediRevv’s story at the start of our panel discussion podcast. To hear the full conversation, listen to the panel discussion podcast here.

Download the Podcast

Related Resources