Why a Lab Launched a Vulnerability Disclosure Program
LifeLabs CISO Mike Melo on Collaborating with Cyber Researchers
A recently launched vulnerability disclosure program is a critical component of Toronto-based LifeLabs' efforts to bolster the security of its medical diagnostic laboratory services and online technologies used by healthcare providers across Canada, says the company's CISO, Mike Melo.
"I view this as a 'neighborhood watch' program," he says in an interview with Information Security Media Group. "Ultimately, we're engaging and collaborating with the security research community - it promotes the sense of 'see something, say something,' and it allows us to strengthen the security posture of our LifeLabs online tools, applications and portals."
Healthcare entities must work much more closely with the cybersecurity community to elevate their defenses, Melo says.
"Our philosophy is to be transparent and leverage all these tremendous resources in the community that can help us and our customers," he adds. And the lab's vulnerability disclosure program "streamlines the process of accepting, triaging and rapidly remediating vulnerabilities as they are identified."
Featured Speaker at Summit
Melo will be a featured speaker at the ISMG Virtual Cybersecurity Summit: Canada, to be held June 22.
In this interview, Melo also discusses:
- How LifeLabs' vulnerability disclosure program, launched in April with security vendor Bugcrowd, works;
- Challenges presented by the surge of ransomware attacks on the healthcare sector during the COVID-19 pandemic;
- Steps to enhance patient portal security.
Melo is CISO of LifeLabs, Canada’s largest medical laboratory. He has over 12 years of experience in cybersecurity and previously served in cybersecurity technical and leadership roles in the finance and telecommunications sectors.