Security News > 2020 > November > CISO Conversations: UW Medicine and Sentara Healthcare CISOs Talk Healthcare Security
This issue of SecurityWeek's CISO Conversations with leading CISOs from the critical industries looks at the healthcare sector.
In this feature we talk to Cris Ewell, CISO at the University of Washington Medical Center, and Dan Bowden, VP and CISO of Sentara Healthcare.
Of course, the need for rapid realignments in security priorities is constant, which leads to one of the perennial issues faced by CISOs: where in the organizational hierarchy should the CISO sit, to be able to effect sudden, dramatic and far-reaching changes to security posture?
"When you start looking at patient care, it's really sobering I think for CISOs coming into a healthcare facility. They have to deal with things like, OK you got $100, and we can spend it on new security, or we can spend it on saving patients' lives. So you have to start really prioritizing, and say every dollar I spend takes it away from patient care. While it's very important to protect patients' security and data, there is a balance to be struck; and that's where a lot of CISOs start to fail," - the balance between the purpose of the organization and the security of the organization.
Bowden continued, "For security we believe in the confidentiality, integrity, and availability; so, with my security hat on, I do track and try to manage that vulnerability. From a compliance standpoint, I may not. I'm not one who has an emotional argument that they should be separate, or together, but I think people need to understand whether they are looking at risk through a security lens or a compliance lens."