Hospital CISO: Personalizing security training generates buy-in


Personalizing security training can help drive home the message for users and top healthcare management alike, according to Dave Summitt, chief information security officer of the H. Lee Moffitt Cancer Center and Research Institute in Tampa, Florida.

That's because attacks "aren't just against organizations," but also "individuals," he says in an interview with HealthcareInfoSecurity. Summitt focuses training on helping people see the effects of a compromised identity, bank account or health record, and helping people secure their own workstations at home and at work.

“When you make it more personal, people take a little more notice,” he says.

Healthcare organizations struggle with lack of understanding at top management levels of how serious attacks can be and in getting qualified and experienced cybersecurity pros on board. Many organizations' information security departments just aren’t large enough to handle the problem, according to Summitt.

They lack understanding of exactly what their network is supposed to look normally, what applications are really doing, where applications are within the organization and all the places that protected health information resides, he says.

“If you don't where that is, or what it's supposed to look like, it makes it very challenging to protect those assets,” Summitt says.

Regulations, he believes, are driving improvements, and with stories of healthcare breaches in the news, top executives are taking notice.

“That, to me, is the biggest thing that can change an organization--that higher-level awareness and understanding of what’s going on, so they can apply the proper resources.”

Suggested Articles

Blue Cross Blue Shield of Michigan now has 14 participants in its Blueprint for Affordability program. Here's what that model entails.

A healthcare non-profit wants to build a “moonshot factory” to bring data science and precision health to remote villages in the developing world.

Bernie Sanders' crushing win in Nevada led to stocks for payers and providers taking a tumble on Wall Street.