Leading the Way in Healthcare Cybersecurity

A Q&A with Vugar Zeynalov

CQD sat down to talk with Chief Information Security Officer Vugar Zeynalov to get an inside view of the challenges of cybersecurity for Cleveland Clinic and all hospitals and health systems. In this Q&A, he highlights the collaboration and balance it takes to secure digital health information.

Advertising Policy

Cleveland Clinic is a non-profit academic medical center. Advertising on our site helps support our mission. We do not endorse non-Cleveland Clinic products or services Policy

What makes healthcare cybersecurity unique?

There are few industries where you come closer to the people you are protecting. Patients are coming to “your house” in their time of greatest need. There is a tremendous sense of responsibility to the patients and to the caregivers who are working tirelessly to help. Worrying about cyber safety should be the last thing on patients’ minds.

Healthcare thrives on innovation, but so do cyber criminals. Cleveland Clinic is world renowned for best-in-class care and cutting-edge research. Our biggest challenge is providing the right level of protection across an incredibly diverse, valuable and constantly changing ecosystem. As a large hospital on the edge of digital innovation, we have the opportunity to experience and address many cybersecurity challenges. Our approaches can work to scale, whether you have 1,000 beds, 100 beds or are a small private practice.

How are you solving the challenges of healthcare?

The challenges of healthcare are complex. Most hospitals’ cybersecurity programs are 10 years behind other industries. If we follow the common practices of those before us, we will never catch up to cutting-edge clinical digitalization. We can learn from the mistakes and successes of those who came before and leap-frog into the future. Most importantly, this is not an area where organizations can afford to compete with each other. Cybersecurity is costing the industry $6 billion a year. There are more than 2,500 hospitals in the U.S. with fewer than 100 beds. They have the same concerns. It would be impossible for them to dedicate resources to solve this problem alone. When it comes to providing care for people, we need to come together and solve these challenges.

Advertising Policy

At Cleveland Clinic we’re using our position to help lead the way in patient cyber-safety and experience. We established a consortium of hospitals to work with manufacturers to improve cyber safety of medical devices. These relationships are an important balance of transparency and operational security. It’s important to us that our patients, partners and other providers know how we protect digital platforms in order to build trust and share ideas. We are open about approaches and tools; this is information that any would-be attacker could find easily. We do not share, and we do not ask others to share, operational information that could compromise security. These are things like technical configurations or processes that generally need to be built specifically for each organization. Finding this balance ensures we are a good partner for our community, while upholding the trust of our patients and caregivers.

What can leaders outside of IT learn from your program?

Leaders outside of IT hold an important role. Protective technologies and security policies are only part of building trusted platforms. The digital transformation of healthcare is about using technology to enhance lives and making seamless experiences between the digital and physical worlds.

The best, and only, way to address these challenges is active participation. If you have access to a keyboard, you’re doing cybersecurity work every day. Our Cybersecurity program is a team of experts that work together to solve the tough problems and provide guidance, but the only way we can keep ourselves and our patients safe is by having an aware and active employee caregiver population. We try to make cybersecurity simple and rewarding for caregivers. We hold regular cross functional exercises so people from all areas can learn how a cyber incident would impact them and how to respond. We provide simple one-click tools for reporting suspicious activity. It is an easy way for caregivers to protect themselves and keep their inboxes clean. Therefore, the most dynamic line of defense? A vigilant population built upon a strong corporate culture.

Advertising Policy

Leadership programs developed by Cleveland Clinic encourage innovation and create projects that have positive institutional impact. For more information on Cleveland Clinic Global Executive Education contact the team online at clevelandclinic.org/execed.