Cybersecurity: Anticipating Threats


Harry Greenspun, M.D.

Chief Medical Officer, Managing Director, Health Solutions

Korn Ferry

May 24, 2018

We’d like to hear your thoughts and experiences. Is your organization becoming more agile? How are you adapting to the challenges of the digital economy? 
Join the conversation on LinkedIn

My previous employer distributed a list of “prohibited team-building activities,” which was met with a mixture of curiosity, disbelief, and delight. This included some business clichés like fire-walking and potentially injurious sports like paintball. Perhaps the most interesting was “zorbing,” which involves rolling downhill inside a giant, transparent orb (it’s worth Googling).  Understandably, the firm was not anxious to sponsor this combination of terror, bruising, and nausea. Of course, while meaning no disrespect to “Urban Cowboy” fans, mechanical bull riding was also outlawed.


All these activities came flooding back to me as I was preparing to give a keynote address to a group of healthcare cybersecurity experts. One of the themes of the event was the challenge of keeping up with continually evolving threats. There, in the center of the opening reception, was the perfect metaphor, a threat that surpassed the imagination of my protectors – an enormous mechanical alligator. Without hesitating, my host, the Chief Information Security Officer for a pharmaceutical company, stepped into the padded ring and managed a respectable ride before being hurled to the perimeter.


Healthcare has always been an attractive target for cyber criminals. The private information held within is much more persistent than a credit card number or password that can be quickly changed. Consequently, health data is much more valuable. In addition, given the literally life-or-death implications of losing access to medical records, health systems have been particularly vulnerable to ransomware attacks. Compounding this has been a relative under-investment in cybersecurity, adding to vulnerabilities amid escalating sophistication of threats.


However, what is really driving the cybersecurity challenge for healthcare are the changes in healthcare itself. Some key issues are as follows:


  1. The increased need to exchange data – With the expansion of value-based care, providers rely upon data-sharing to improve outcomes and lower costs. Health information, once trapped in paper charts, can now we be shared electronically across institutions to speed diagnosis, avoid redundant interventions, and return critical information. Furthermore, other stakeholders from life sciences companies to public health agencies require access to detailed information.

  2. The increased need for coordinated care – As healthcare continues to move from the hospital to the home, more stakeholders, particularly from unrelated organizations, now access sensitive information. Care coordinators, home health providers, disease management companies, and others greatly expand the network.

  3. New methodologies – Advancements in the management of chronic disease and behavioral health have introduced new methods of treatment. Telehealth and remote monitoring have revolutionized our approach to many conditions.

  4. Rising consumerism – As individuals become more invested in their own health, the data they store, the apps they run and even the inquiries they make can reveal a tremendous amount about their health. Moreover, consumers’ protection of their own information is often quite lax when storing or transmitting health data.

  5. Increasing data sources – While once health data resided largely with physicians, individual health data can be found at an exponentially growing number of places.  Fitness and health trackers, smart scales, implantable devices, and even home appliances hold vast quantities of accessible information. In addition, genetic testing services reveal previously unimaginable insights, while exposing new threats.  Interestingly, while hackers have leveraged these sources, so has law enforcement.


While cybersecurity is sometimes viewed as “keeping up with the bad guys,” as we have seen the truth is much more complicated. Both the industry and the threats to it are evolving together, and that requires our leadership to evolve as well. What was once an exercise to “lock down” information has morphed into the need to safeguard an expanding, open network.  Cybersecurity requires leaders who can not only stay ahead of emerging threats, but also understand the changes in healthcare that will expose new threats.   


This dual track to manage cybersecurity proactively ensures that when faced with a new situation, leaders will be able to respond appropriately. Thankfully, as I stood in front of the mechanical alligator, a threat not previously anticipated, I knew how to respond. “Hold my beer.”