Governance & Risk Management

Why Security Priorities Need to Shift to Safety Issues

Cybersecurity Expert Joshua Corman on Addressing Risks to Patients
Joshua Corman, co-founder, I Am The Cavalry

The healthcare sector's cybersecurity efforts need to shift from a focus on protecting patient information confidentiality to protecting patient safety, says Joshua Corman, co-founder of I Am The Cavalry, a grassroots, not-for-profit cyber safety organization. He's also chief security officer at software developer PTC and a fellow at the Atlantic Council.

See Also: Now OnDemand | C-Suite Round-up: Connecting the Dots Between OT and Identity

"We make a joke in the Cavalry: I love my privacy; I'd like to be alive to enjoy it," he says in a video interview at Information Security Media Group's recent Healthcare Security Summit in New York.

The top security priority of most healthcare sector entities has long been protecting the privacy of patient information, Corman notes. But as ambitious new efforts, such as the national Precision Medicine Initiative, take shape, organizations also need to "focus on patient safety and the availability of critical resources," he says.

"It's not that privacy doesn't matter - we're failing miserably at it - and in a lot of ways, the toothpaste is out of the tube. But if you just design for privacy, you might encrypt things, but if you design for privacy and safety, maybe you design things differently," he says. "The threat models are more comprehensive. So there's significant work to do, and right now, if a hospital has to choose between protecting a patient record or protecting the patient ... there's no incentive to protect the patient, really. This is unchartered territory and we're out of time."

In the interview, Corman also discusses:

  • The serious threats to patient safety posed by ransomware and other cyberattacks on the healthcare sector;
  • Recent hacking simulations conducted by I Am the Cavalry involving emergency room physicians to study the potential safety impact on patients;
  • The cybersecurity challenges facing especially small, midsized and rural healthcare providers.

In addition to his work at I Am the Cavalry, Corman is also chief security officer at software developer PTC, a fellow at the Atlantic Council, and a member of the Department of Health and Human Services' Cybersecurity Task Force. Corman formerly served as chief technology officer for Sonatype, director of security intelligence for Akamai and in senior research and strategy roles for The 451 Group and IBM Internet Security Systems.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.