Information Sharing , Training & Security Leadership
Learning From Others' Gaps in the Wake of Major Attacks
Michael Prakhye, CISO of Adventist Healthcare, on Battling Evolving ThreatsWith no end in sight for ransomware attacks that cause serious disruptions and major data breaches in healthcare, it's critical that CISOs study what went wrong in these incidents and look closely at where their own organization might have similar gaps or vulnerabilities, said Michael Prakhye, CISO of Adventist HealthCare.
"Ransomware is an outcome, a final result of something happening within the organization. There are so many things that can be done," he said during an interview with Information Security Media Group at HealthSec Summit USA in Boston on Wednesday. Prakhye served as conference chair.
"When I look at ransomware and how to protect the organization, there are several ways you want to have your security program structured," he said.
The foundation of Adventist's program is closely adhering to the NIST Cybersecurity Framework 2.0, but any robust framework is an important component, Prakhye said.
"You can follow and look to see how your organization is doing and make sure it is appropriately configured and set up. You can use a framework of your choice, whether it's NIST or anything else, to road map, budget, look at the tools and solutions you might be missing - or any of the gaps," he said.
That's important for getting buy-in from the very top, according to Prakhye. Using the framework to help identify what to strengthen is important, he said. "Bring it up to leadership, whether it's the board or any of the subcommittees, to justify what you need to purchase and why - and where the gaps are."
In this interview with Information Security Media Group (see audio link below photo) at HealthSec Summit USA in Boston, Prakhye also discussed:
- Other emerging cybersecurity threats;
- The U.S. Department of Health and Human Services' "essential" and "enhanced" cybersecurity performance goals, which are voluntary now but are expected to become mandatory for certain types of healthcare providers;
- The cybersecurity promise and concerns involving AI.
Prakhye is director of information security at Gaithersburg, Maryland-based nonprofit Adventist HealthCare, which includes three acute care hospitals and multiple other healthcare facilities. He has over 20 years of experience in information security, risk management, compliance, strategy and consulting within healthcare and the Department of Defense. He is also an adjunct professor at the University of Maryland College Park, teaching information assurance, compliance and risk management.