Anahi Santiago, Christiana Care Health System: 'Security a safety issue'

'You implement all these controls and sometimes, six months later, it's no longer applicable, because they've found new ways to get in.'
By Mike Miliard
08:00 AM
Share
Anahi Santiago

"I remember the days when we used to worry about spring break, because that's when the bored college kids would write the viruses," said Anahi Santiago, CISO at Wilmington, Del.-based Christiana Care Health System. "It has changed significantly from what it was even 10 to 15 years ago."

And how? Gone are the days when a gifted computer geek with a six-pack of Jolt Cola was all a security professional had to worry about.

"Now you worry about nation-states that are employing hackers to come after our data," said Santiago. "That's a very, very big change in what we have to deal with."

And that change is constant -- requiring constant vigilance when even the slightest missed cue could spell disaster.

"The way these bad actors are evolving, finding new ways to get in and evade all the controls that are put into place, it changes by the minute," she said. "You implement all these controls and sometimes, six months later, it feels like it's no longer applicable, because they've found new ways to get in."

That dynamic threat "forces us to constantly have to change how we do things, constantly have to learn and really stay a step ahead."

But Santiago said that high-wire challenge is what fuels her passion for the CISO job.

"It's a technical field, so it allows me to hold on to the components I enjoy, but it exercises a lot of leadership skills," she said. "It's not a stale role by any stretch. And that's what makes it so interesting."

Santiago's background is in engineering, and she got into project management when she worked for Unisys, put in charge of big global infrastructure initiatives that offered exposure to many different areas of IT. "I fell in love with information security."

[Learn more: Meet the speakers at HIMSS and Healthcare IT News Privacy & Security Forum.]

Healthcare, especially these days, is able to impart an adrenaline rush for anyone up to the challenge of keeping such critical data safe from so many varied threats. (Santiago has been CISO at Christiana Care since this past spring; prior to that she was director of information security and support services at Philadelphia-based Einstein Healthcare Network for eight years.)

"Every organization, no matter how robust their infosec program is, is at risk of being hacked," she said. "I think we all recognize that it's very difficult to keep these folks out of your environment. So one of my priorities at my organization is to make we sure have a super tight incidence response process."

In the meantime, she goes to work every day fully aware that the role of a healthcare CISO is more important than ever. Not just because the threats from bad actors have evolved and increased. But because of the precious nature of the data they're after.

"The role of the CISO in healthcare is very unique," said Santiago. "I believe that information security is a patient safety issue. And I think a lot of organizations are just starting to think about it as not just a risk to a patient's information but a risk to a patient's life. Bad information in a medical record could actually kill someone. I see the role of the CISO as integral to the delivery of quality patient care."

CISOs: Healthcare's new rock stars

CISO and CIOs: Why can't we be friends?
Should CISOs have as much power as CIOs?

Infographics:

Biggest barriers to better security

Greatest areas of improvement in cybersecurity?

Top 10 cybersecurity threats of the future