In a recent Healthcare IT News feature story, health IT leaders talked about some of the lessons they've learned from a very busy and tumultuous year – and how they're applying those lessons for 2021 and beyond.
Among the many lessons they described – many having spent 2020 waging a two-front battle against the COVID-19 pandemic itself and a related cyber pandemic – was the need for a renewed focus on cybersecurity.
We recently spoke with a prominent chief information security officer to get some of her takeaways from the busy past year – a time when telehealth was scaled up at rapid pace, whole workforces went remote and ransomware ran rampant – and asked how she's applying those lessons today and beyond.
Here's what Anahi Santiago, CISO at Wilmington, Delaware-based ChristianaCare, had to say.
Q: What is a cybersecurity lesson you have learned during the past year, which was so disruptive for the healthcare industry?
A: Even in the face of elevated threats, information security teams have risen to exceptional levels to support their organizations. The speed at which our team had to move to support virtual care and pandemic-related activities while meeting pre-pandemic operational demands demonstrated agility and commitment to the mission. It also enabled us to assert our position as a true partner to our business and clinicians.
Q: How are you applying what you learned in 2021 and beyond?
A: I do not expect the speed or demands to subside in 2021. As ChristianaCare advances the digital and virtual care strategies, information security will need to be designed into the fabric of all those initiatives. The speed and agility that I referenced earlier is or will become a core competency of the information security team.
As care moves to the home and the four walls of our facilities dissolve, the scope of what we will have to serve and protect will also extend into people's homes and devices. We must shift our thinking and strategies to account for the significant change in scope.
I also do not expect the threat landscape to ease against the healthcare industry. As such, we will continue to keep pace with the threat actors. All these activities in some cases are complementary, but in many ways are additive. It's an exciting time for information security professionals but also a very challenging one.
Q: What else have you learned during the past year?
A: Cybersecurity isn't just about blocking and tackling or about process and technology. The human component is integral to the success of information security programs.
As a leader during an especially stressful and difficult time, ensuring the mental health and wellness of the team was a top priority. Finding creative ways to stay connected, creating a sense of community while working remotely and ensuring that our team felt supported has been at the forefront all of these months.
Additionally, one of the opportunities that has been lost is that of informal, casual conversations that took place in the hallways, cafeterias, and before and after meetings. Those educational opportunities have been lost, and I strongly believe that they are important. Finding ways to fill those gaps to ensure critical connections remain in place has also been important.
Q: How do you plan on applying that lesson?
A: Continuing to remain connected and attuned to the pulse of the team. Seeking new ways to keep the dialogue active with leaders and stakeholders external to our team. In the simplest of terms, ensuring that the human element of our mission remains top of mind.