Actu
Awareness is Key: Educating Executives on Cybersecurity Risks in Healthcare
May 2023 by Anis Trabelsi
As the Chief Information Officer of Palomar Health, the largest healthcare district in California, I believe
it is crucial to strike a balance between technology, cybersecurity and business needs. Historically,
healthcare organizations are known for their focus on technology and innovation. However, the
proliferation of electronic health records, the interconnectivity of medical devices and the rise of
telehealth has made healthcare systems more vulnerable to cyber-attacks. According to a recent study,
89% of healthcare organizations reported around 43 cyber-attacks per year, almost one attack a
week. Cyber criminals will continue to target healthcare systems more frequently, and the resulting
breaches have significant consequences, including loss of sensitive patient data, reputational damage
and operational disruptions.
My challenge every day is to keep up with healthcare needs while making sure patient data is kept safe.
As healthcare IT executives, we recognize the importance of cybersecurity, but the challenges of security
are not always understood by other leaders. Too often, business executives focus solely on business
needs, without fully understanding the risks and threats that come with implementing new
technologies. This can result in a situation where security is an afterthought, and the organization is left
vulnerable to attack.
A big part of our role as IT leaders is to engage other executives in our organization to raise awareness
of the importance of cybersecurity. I have found that many executives are not aware of the risks and
threats facing healthcare organizations today, or of the potential impact of a security breach. To address
this, I have made a concerted effort to engage other executives in conversations about cybersecurity, to
provide training and education, and to involve them in our cybersecurity strategy development.
Palomar Health is one of the few hospitals I know of who has created in-depth cybersecurity playbooks
not just for the IT department, but for each business owner. I have found that engaging other executives
in this way has been crucial in shifting our organization’s culture towards prioritizing cybersecurity. It
was not uncommon for IT departments to be left out of the loop when it comes to business technology
contracts until it is too late. I have championed IT involvement in the contract selection process from the
beginning. Our IT department must review the functionality of the new technology and assess its
compatibility with existing systems. They can also identify potential security risks and work with the
vendor to address them before the technology is implemented. This vetting process also allows for more
timely incident response.
By involving other executives in our cybersecurity strategy development, they have gained a deeper
understanding of the risks and threats facing our organization and have become more invested in our
security programs. They are now more likely to support and advocate for cybersecurity initiatives, and
to ensure that their teams are following our security policies and procedures. I encourage other
healthcare organizations to follow our example and prioritize cybersecurity in their own organizations
