Ahead of the HealthSec Summit, we sat down with Patty Ryan, CISO at Ortho Clinical Diagnostics, to hear her thoughts on the state of cyber security in the healthcare sector today, as well as some context around her presentation session at HealthSec on May 23rd – 24th in Boston.
The HealthSec Summit is an annual gathering of Cybersecurity leaders from across the Hospital & Healthcare, Medical Equipment, BioTech, Pharmaceuticals, Life Science, Diagnostic Labs industries and more. The event is an opportunity for them to come together in one space with the focus on how to best protect their organisations from cyber attacks.
Read on below for the full interview!
Please introduce yourself and tell us a bit about your background…
My name is Patty Ryan and I have been an Information Security executive for the last 20 years. Started out working in sports television in college (Wide World of Sports, Monday Night Football, Monday Night Baseball). Then transitioned into IT with a final migration into Information Security. I have worked across many different industries (Financial Services, Legal, Pharma/Medical Device) in my career but have been with Ortho Clinical Diagnostics (now QuidelOrtho) for the last 5 years as CISO.
What do you think are the biggest cybersecurity risks affecting healthcare and life sciences today?
The complexity of securing the spectrum of medical devices considering heightened cyberthreats against the healthcare industry, average life span of medical devices and the time/energy/overhead required for a healthcare organization to secure the various different devices (POC, on their network). Feels like a growing risk (aka perfect storm) which will affect an already drained ecosystem.
What do the next 5 years hold for your industry?
The line between traditional medical devices and medical device as a software will continue to blur. More and more point of care solutions will exposure patients and hospitals to IoT based cyber risk. Securing this environment will continue to be a challenge.
Can you give me a taster of the main point you are going to make at the HealthSec Summit?
Every medical device product “created” must provide Healthcare security professionals with:
- The transparency required to determine connections to/from and activities associated with a medical device
- Ability to take preventive action quickly and
- Make integration into an IR program simple
What is your top advice for other cybersecurity professionals?
Stick with the fundamentals, which are the same in principle across the cloud, on prem, IoT, etc
Catch Patty at the HealthSec: Cybersecurity for Healthcare Summit on 23rd – 24th May as she takes part in a panel discussion: ‘Are We Equipped to Deal with Current and Future Threats? Evaluating Threat Landscape and Incident Response Plans’! Join us for her session and enjoy live Q&As throughout the summit by registering at healthsec.cs4ca.com/register/.
