As the increasing intensity of cyberattacks causes waves in the healthcare industry, it also brings to light the changing roles of chief information officers and chief information security officers.
One big question surrounds whom a CISO should report to, Clint Boulton writes at the Wall Street Journal. Boulton says many CIOs want CISOs to report to them, but then some think CISOs should go first to CEOs.
One example he cites is Target's decision last year to have its CISO report to the CIO--in that case, cybersecurity experts said that he should report to the CEO.
Others say it doesn't matter to whom the CISO reports; rather, both should be working closely together no matter what. That relationship helps present comprehensive security postures to boards, Robert Logan, CIO of defense contractor Leidos Holdings Inc., tells the WSJ.
That's especially important as the healthcare industry faces the fallout from the increasing number of breaches it is facing, including the recent attack on health insurance company, Anthem.
In the healthcare industry, in particular, situations like the Anthem breach and increasing use of technology and collection of data will force the role of hospital IT leaders to evolve.
For one, CISOs will gain more visibility. Because of that, the College of Healthcare Information Management Executives created a new group to support healthcare security pros--the Association for Executives in Healthcare Information Security.
"It's a very technical area," George McCulloch, former deputy CIO at Vanderbilt University Medical Center and head of the new association, recently told HealthcareInfoSecurity. "The challenge of CIOs has been to maintain a technical competence or knowledge as well as a depth that I think is getting more and more difficult."
There may also be a proliferation of new roles in the industry, such as the creation of chief data officers.
To learn more:
- check out the WSJ article