Ahead of the HealthSec Summit, we sat down with Michael Prakhye, CISO at Adventist HealthCare, to hear his thoughts on the state of cyber security in the healthcare sector today, as well as some context around his presentation session at HealthSec on May 23rd – 24th in Boston.
The HealthSec Summit is an annual gathering of Cybersecurity leaders from across the Hospital & Healthcare, Medical Equipment, BioTech, Pharmaceuticals, Life Science, Diagnostic Labs industries and more. The event is an opportunity for them to come together in one space with the focus on how to best protect their organisations from cyber attacks.
Read on below for the full interview!
Please introduce yourself and tell us a bit about your background…
I serve as a Chief Information Security Officer and Director of Information Security at Adventist HealthCare.
I hold Master’s in Cyber Security and Master’s in Business Administration from the University of Maryland, as well as an Executive Healthcare Leadership and Healthcare Change Management certificates from Cornell University. I have over 18 years of experience in risk management, compliance, strategy and consulting within Healthcare and the Department of Defense. I hold industry certifications including Project Management Professional, C|CISO, ITIL, CISSP, and other Microsoft infrastructure certifications. I am an adjunct lecturer with the College of Information Studies at the University of Maryland, teaching Information Assurance, Compliance and Risk Management.
In my current position, I am responsible for establishing and maintaining the enterprise vision, security roadmap and strategy, compliance and overall organizational security to ensure information assets, medical devices and technologies are adequately protected.
What do you think are the biggest cybersecurity risks affecting healthcare and life sciences today?
Phishing and social engineering has been a priority for any organization, and is considered to be the highest risk in terms of point of compromise. The biggest risk the healthcare sector is facing is ransomware, which can be a result of poor patching, unsupported legacy OS systems, third party vendors and lack of IoT management and their vulnerabilities.
What do the next 5 years hold for your industry?
Technology changes too quickly to have a static five year plan, but can be created based on frameworks or audits. The plan would have to be reviewed quarterly to adjust for changes in the industry and technology. I believe in the next five years we will see more changes in compliance, government oversight and cyber security framework changes, holding organizations and senior leaders accountable for lost data, breaches od information and potential patient care disruptions. Insurance carriers may discontinue to provide cyber insurance due to costs involved or organizations begin to self fund their cyber insurance due to lower coverage and limitations.
Can you give me a taster of the main point you are going to make at the HealthSec Summit?
The topic is Protecting our Business During the Pandemic: Lessons Learned & How Our Experience Can Help You. We are a non profit healthcare organization that has been a leading community hospital system for over 100 years. We are also the only state in the nation that has an all payer hospital rate regulation, limiting our revenue. Our strategic goal is to assist other smaller health systems in an underserved communities by expanding and growing our organization. In the midst of the pandemic and a rapid change to the remote workforce, it has been imperative for us to become flexible in technology choices, prediction of threats and making the right investments in tools and people, while still have an ability to grow and achieve our strategic objectives. How we continue to protect the business, gain executive buy in for a culture change, and grow by putting security first in a tightly controller hospital market.
What is your top advice for other cybersecurity professionals?
Always stay up to date. Cybersecurity threats are constantly evolving, and it’s essential to keep up with the latest trends and techniques. Be proactive and anticipate potential threats and take steps to mitigate them in advance. Prepare for the worst, even with the best security measures in place, there is always a risk of a breach. It is critical to get buy in and support from senior executives, and being able to translate cyber speak into business terms.
Catch Michael at the HealthSec: Cybersecurity for Healthcare Summit on 23rd – 24th May for his presentation: ‘Protecting our Business During the Pandemic: Lessons Learned & How Our Experience Can Help You’! Join us for her session and enjoy live Q&As throughout the summit by registering at healthsec.cs4ca.com/register/.
