It’s easy to say that security is critical to healthcare operations, since breaches can force hospitals and clinics to cancel patient visits, damage their reputation, and even lead to fines. But how do security professionals get buy-in from board members and the executive-level suite? Some great answers are provided in this interview with two executives from First Health Advisory: Trish Alexander, Executive Vice President of Strategy, and Rick LeMay, Chief Delivery Officer.

LeMay notes that the technical data valued by IT teams, such as the number of suspicious access attempts, often means little to executives. Security professionals need to translate that information into clear business impact, the “so what” behind the numbers.

Alexander urges security teams to look at the boarder goals of the organization. For example, if community availability is a top priority, then security efforts should be framed in terms of protecting that availability. Security goals should align with business goals and KPIs throughout the organization.

The interview also explores universal principles of healthcare cybersecurity. Security cannot be an add-on, it must be built into the strategy from the beginning of the planning process. It also requires input from all levels of the organization and all sectors of the organization, including facilities teams and clinical staff, so that everyone understands their roles and responsibilities.

We also discuss with First Health Advisory the many security assessments  healthcare organizations undergo and the burden they present. Alexander and LeMay call assessments “necessary evils” and encourage organizations to use them as meaningful tools to measure progress. LeMay emphasizes setting “achievable goals” and tracking progress not only through assessments but through practical, real-world improvements. Alexander mentions security frameworks that are helpful.

First Health Advisory supports clients to set security priorities, recognizing that most organizations lack the budget and specialized staff to address everything. When a healthcare organization can’t hire and retain staff with the highly specialized cybersecurity skills they need, First Health Advisory can step in to fill those gaps for a defined period of time.

Flexibility is also stressed, because the organization must react quickly when security incidents arise,

Watch our interview with First Health Advisory for more insights into security risk assessments, staffing, priority setting, and other cybersecurity issues.

Learn more about First Health Advisory: https://firsthealthadvisory.com/

Listen and subscribe to the Healthcare IT Today Interviews Podcast to hear all the latest insights from experts in healthcare IT.

And for an exclusive look at our top stories, subscribe to our newsletter and YouTube.

Tell us what you think. Contact us here or on Twitter at @hcitoday. And if you’re interested in advertising with us, check out our various advertising packages and request our Media Kit.

First Health Advisory is a proud sponsor of Healthcare Scene.