“Cybersecurity is a team effort,” Pappas believes. However, he adds, CISOs find themselves responsible for areas beyond their direct control. A key lesson, he notes, is the focus on collaboration, communications, and transparency. “Building strong relationships with the Board of Directors or Audit Committee is essential to bring corporate leadership into the decision-making process, ensuring they understand the tradeoffs between cybersecurity investments and liability risks.”
Being prepared for cybersecurity incidents before they occur is critical, Pappas says, and it should involve senior leadership, PR, and patient engagement departments. “During a real cyberattack, every minute counts, and the pressure on leadership and communication teams will be immense.” Conducting drills and refining an incident response playbook can have significant benefits, Pappas advises. The drills, he reiterates, help staff in developing muscle memory to react effectively in a controlled environment.
Asked about additional advice for healthcare leaders, Pappas replies, “The entire leadership team needs to be more aware of the risks and investment tradeoffs along with their potential…
