Ahead of the HealthSec Summit, we sat down with Dianne Pacheco, CISO at the Jackson Laboratory, to hear her thoughts on the state of cyber security in the healthcare sector today, as well as some context around her presentation session at HealthSec on May 23rd – 24th in Boston.
The HealthSec Summit is an annual gathering of Cybersecurity leaders from across the Hospital & Healthcare, Medical Equipment, BioTech, Pharmaceuticals, Life Science, Diagnostic Labs industries and more. The event is an opportunity for them to come together in one space with the focus on how to best protect their organisations from cyber attacks.
Read on below for the full interview!
Please introduce yourself and tell us a bit about your background…
I am the Chief Information Security Officer at The Jackson Laboratory (JAX). JAX is global independent, nonprofit biomedical research organization that leverages a unique combination of research, education, and resources to achieve our mission to improve human health.
During my 35+ year career in Information Technology, I’ve had the opportunity to manage Operations and Infrastructure teams, and for the most recent 12+ years, I have been responsible for establishing and maintaining the cybersecurity program at JAX. My role in building a risk-aware culture while continuously evaluating and managing the technology and threat landscape ensures that JAX systems and assets are secure while enabling and advancing the JAX mission to improve human health.
What do you think are the biggest cybersecurity risks affecting healthcare and life sciences today?
There is a high risk of organizations losing control of their data with the proliferation of a hybrid work force and the use of multiple cloud/SaaS/file sharing services. Users are transferring data across various channels and storing it in unexpected locations – and you can’t rely on your DLP tools to detect it! It takes vigilance for security teams to always manage and monitor their data to secure it all!
What do the next 5 years hold for your industry?
The world is buzzing with Zero Trust and AI/Machine Learning technologies. Tools like ChatGPT are being used in the workplace, for both strategic opportunities to redefine the way they do business as well as by individual employees who want to get ahead. Security policies and tools are going to have to adapt quickly to combat the expected threats coming from the AI/ML realm. While people may increasingly continue to rely on artificial intelligence, experienced resources are still going to be in demand.
Can you give me a taster of the main point you are going to make at the HealthSec Summit?
The days of castle & moat protections are gone. As the visibility and control you need to do business securely becomes more complex and cyberattacks are getting more and more sophisticated, it is increasingly difficult to manage your resources and assets. You need to get on a Zero Trust path now, and it is a long journey!
What is your top advice for other cybersecurity professionals?
I have two pieces of advice. First, make sure you understand your organization’s appetite for risk – Security’s role is to advise, not to say “no”. The second is to stay current, read, talk with your peers, and understand what others are seeing and what they are doing to combat risk!
Catch Dianne at the HealthSec: Cybersecurity for Healthcare Summit on 23rd – 24th May for her case study: ‘Considerations for Implementing a Zero Trust Approach Within the Jackson Laboratory’! Join us for her session and enjoy live Q&As throughout the summit by registering at healthsec.cs4ca.com/register/.
