What does your role as senior cybersecurity architect entail?
It’s a very broad role. I’m trying to keep pace with cybersecurity threats all across the globe, not just in healthcare. Really, anything that’s happening on the planet could potentially happen to us.
My role is not only to digest that every day, but also to understand how we mitigate those things in the context of an academic medical center or a large health system. That includes keeping pace with a breadth of cybersecurity tools and solutions that are out there to help. It’s also about understanding the people and processes involved in augmenting those.
It’s tough to take a day off in cybersecurity, because that could be a big day. You’re kind of permanently plugged in, but you do it because it’s fascinating work.
Is it common for health systems to have a dedicated cybersecurity program? Is Dartmouth Health doing something different that other systems could benefit from?
I would venture to say that all hospitals have a program at this point. The real question is whether they have dedicated cybersecurity resources.
I’ve heard the number fluctuate [when it comes to how many U.S. hospitals lack a dedicated cybersecurity employee]—maybe it’s 75% or maybe it’s in the high 90s. But I’ve had conversations with many hospitals, and I’m fairly comfortable [saying] it’s certainly in that upper three-quarter range. That’s a frightening prospect, considering how deep a cybersecurity program in a hospital really needs to be. That’s getting done by committee in organizations that lack full-time resources, and it just further strains folks who are there to do other work.
We’re very fortunate to have dedicated cybersecurity resources at Dartmouth Health.
Read the complete story at our sister publication, Modern Healthcare
