Speed versus safety. The two topics are intrinsically linked and vital in their own individual way. But can you have both in healthcare when the risks are so great? Ultimately, there is no higher stake than saving people’s lives – it goes above everything and is why cybersecurity is so vital.
Michael Meis, Associate Chief Information Security Officer at The University of Kansas Health System, admits he didn’t realise how much that resonated with him prior to his arrival with the organisation just two years ago.
Protecting the healthcare system
“There’s nothing more important to me than patient care,” he affirms. “It is one of the highest callings you can imagine, to be able to help people. While the cybersecurity team and me, individually, do not directly care for patients, we enable a lot of that patient care to continue and to be able to achieve some of the goals that the health system has set to provide that healing, research, and innovation within the healthcare space. It’s been very gratifying both as an individual and as a leader within the organisation to be able to see the results of that and know that we were involved in enabling it moving forward.”
The University’s cybersecurity strategy focuses on three key pillars. These are allowing leaders across the health system to make informed risk-driven decisions, rapid detection of security incidents as they happen, and add resiliency into all systems and processes. “The velocity and veracity of attacks has dramatically increased,” explains Meis. “There are thousands of attacks per day against the health system in cyberspace, so it really requires us to be consistently vigilant and making sure that everything within our security stack is working as expected.”
While Meis admits the space is challenging given the increase in attacks in recent years, he believes it’s also exciting because of the opportunity presented to meet these challenges head-on. “Cyber attacks are now specifically targeting hospitals and health systems, which for a long time had been off limits to a lot of threat actor groups, so it’s been a fascinating transition to that velocity and then the focus on healthcare,” explains Meis. “What we as an industry need to continue to focus on is making sure we stay purpose-driven and goal-oriented to truly understand the organisations that we’re trying to protect and then align our security and protection strategy to those.”