The growing threat of a data breach is putting cybersecurity front and center for the healthcare industry and forcing the entire C-suite to be more involved in security initiatives.
Unfortunately, cybersecurity typically requires significant investment without much return, Mac McMillan, CEO of the consulting firm CynergisTek told Healthcare Informatics, which puts more pressure on leadership to make a convincing business case.
“Security, like any other non-revenue producing function, has the pressure of being a cost center for the business,” he said.
“In other words, the people who are trying to make decisions on how best to spend dollars that they have are looking at options that can generate more revenue and more business. These organizations are running against very tight budgets, they are running up against very low reimbursement and they are running against a lot of the financial pressures that healthcare has today. And, they are asking for dollars that don’t contribute to production of revenue.”
Experts say cybersecurity is drawing more interest from board members than it has in the past, but CISOs need to be equipped to make their case for upgrades or additional staff by quantifying the impact of a potential breach.
“You’ve got to come with data that really ties out the risk and tying that to what is the impact to both your operations and the bottom line,” Greg Mohrmann, a director with The Chartis Group told Healthcare Informatics.
CEO’s need to take on a larger role in advancing all aspects of healthcare innovation, but particularly when it comes to cybersecurity, Michael Dowling, president and CEO of Northwell Health, formally North Shore-LIJ, wrote in Becker’s Hospital Review. Given the high stakes of a potential breach, cyber-defense needs to be championed by all members of the leadership team, not just the CISO.
In the past, Northwell has reached out to law enforcement to assist with cybersecurity threats.
“Technology offers unbelievable opportunities in healthcare—both on the clinical side and on the business and operations side—but it also carries serious risk,” he wrote. “Hacking and data breaches are realistic and stubborn dangers we face each day. No CEO in healthcare has the luxury of dismissing these threats or viewing the work to prevent them as optional.”