Welcome!

News Feed Item

The New Healthcare Vulnerability: Closing the Cybersecurity Leadership Gap

HITRUST, in partnership with Southern Methodist University’s (SMU) Cox School of Business, today announced the first Healthcare Information Security and Technology Risk Management Graduate Certificate Program. This new program was founded to address the evolving role of Chief Information Security Officers (CISOs) and Chief Technology Risk Officers (CTROs) within healthcare organizations by providing security and risk professionals the industry-specific skills and competencies lacking today and needed to advance into these senior leadership positions. With the rise of digital risks throughout healthcare organizations, these gaps in talent are proving more troubling than technical gaps.

A high-profile faculty of professors from SMU’s Cox School of Business and Lyle School of Engineering will lead and govern the new program, as well as selected adjunct professors representing CISOs, CIOs and other senior-level executives from leading healthcare companies. Please see details regarding program leaders and oversight committee members below.

The exploding volume of sensitive electronic information in the healthcare industry, coupled with the need for instant access to information across devices and geographies, has magnified cybersecurity threats to these organizations. In fact a privacy breach on the scale of retailer Target’s is anticipated, according to health information security experts. At the same time, regulatory compliance scrutiny and fines as well as competitive pressures to innovate in a fast-paced digital economy are increasing. This risk environment is evolving at a much faster pace than security teams can keep up. As a result healthcare organizations are being forced to redefine and expand and structure of the CISO and CTRO role and the demand being placed on those executives who occupy the position, creating a gap between the demands of the job and the skills by those holding the positions. Yet the resources and formal programs available to help mature and enhance the skills have not been available.

This trend parallels predictions by security industry analysts. In fact, By 2017, 1/3 of large enterprises engaging in digital business will have a Digital Risk Officer or equivalent according to Gartner1.

"Digital risk officers (DROs) will require a mix of business acumen and understanding with sufficient technical knowledge to assess and make recommendations for appropriately addressing digital business risk," wrote Paul Proctor et al., vice president and distinguished analyst at Gartner. "Many traditional security officers will change their titles to digital risk and security officers, but without material change in their scope, mandate, and skills they will not fulfill this role as we are defining it."

The Healthcare Information Security and Technology Risk Management Graduate Certificate Program addresses the major lack of relevant curriculum to develop these complex roles as well as a lack of relevant credentials that prospective employers can use to identify candidates. Unlike other certificates and courses today that are primarily basic or technical, the program addresses the gap for healthcare-specific information security technology, leadership and business-level management paths. Individuals passing the exam will receive a certificate in Healthcare Information Security and Technology Risk Management (CHISTRM).

The curriculum will span a range of topics including:

  • Information technology and security challenges in a healthcare environment
  • How to create a culture of security and privacy
  • IT leadership and dealing with privacy and ethics issues
  • Impact of industry, state and national regulations and policies
  • Economics of information security and risk management
  • IT security within business processes, and the IT infrastructure
  • Project management
  • Risk assessment and management methodology

Classes will be held quarterly at SMU starting in October 2014. Admission to the fellowship program will be based on nomination by the applicant’s senior management (CIO, CISO, etc.). Individuals interested in participating will also have to complete an application, meet the minimum education and experience requirements in information security and IT management and computer science. For more information on the program or the application process please visit: http://www.cox.smu.edu/web/certificate-on-healthcare-information-risk-management/chistrm.

Program Leaders

Amit Basu Ph.D. Professor, Carr P Collins Chair in MIS, ITOM Dept
Chair and Fred Chang, Director, of SMU Lyle’s Darwin Deason Institute for Cyber Security
Bobby B. Lyle Centennial Distinguished Chair in Cyber Security Professor

Program Oversight Committee

Sharon Finney, Corporate Data Security Officer, Adventist Health System
Erick Rudiak, vice president and CISO, Express Scripts
Robert Booker, vice president and CISO, United Health Group
Jon Moore, vice president and CISO, Humana
Roy Mellinger, vice president and CISO, WellPoint
Michael Wilson, vice president and CISO, McKesson
David Muntz, senior vice president and CIO, GetWellNetwork
Pamela Arora, senior vice president and CIO, Children’s Medical Center
Patrick Joyce, vice president, Global IT, Chief Security and Privacy Officer, Medtronic
Jorge D. DeCesare, vice president and Chief Information Security Officer, Dignity Health

Supporting Quotes

“Healthcare is a risk-sensitive, information-driven endeavor. The digitization of data across the healthcare continuum raises concerns about security and privacy. This new certificate program will provide an opportunity to share insights and experiences that will help those who have newer and broader responsibilities prepare the increasingly complex healthcare enterprise for the future.”
-David S. Muntz, CHCIO, FCHIME, LCHIME, FHIMSS, SVP & CIO, GetWellNetwork

“Successful healthcare industry CISOs in today’s connected digital economy need not only technical expertise but also business knowledge, to work effectively with CXOs on increasingly critical information security and risk management issues. That is the focus of the CHISTRM program.”
-Amit Basu Ph.D., Professor, Carr P Collins Chair in MIS, ITOM - Dept. Chair

“New regulations tied to the Affordable Care Act are now in effect regarding protected health information and electronic health records, which only underscores the need for data security to ensure privacy among patients. Cyberspace can be a pretty bad neighborhood, with too few barriers standing between hackers and their targets. Healthcare providers recognize that data security is of vital importance to their business.”
-Fred Chang, Director of Darwin Deason Institute for Cyber Security Bobby B. Lyle Endowed Centennial Distinguished Chair in Cyber Security at the Lyle School of Engineering, SMU

“HITRUST is engaged with all types and sizes of organizations in the industry and has substantial insights into their information protection practices and the impact a properly educated and trained information security leaders can have on the organization. The industry needs to invest in the CISOs and CTROs of the future to ensure the protection of vital information assets and systems, and maintain consumer confidence.”
-Daniel Nutkis, CEO, HITRUST

About SMU Cox

SMU's Cox School of Business, originally established in Dallas in 1920 and named in honor of benefactor Edwin L. Cox in 1978, offers a full range of undergraduate and graduate business education programs. Among them: BBA, Full-Time MBA, Professional MBA (PMBA), Executive MBA (EMBA), Master of Science in Accounting, Master of Science in Business Analytics, Master of Science in Entrepreneurship, Master of Science in Finance, Master of Science in Management, Master of Science in Sport Management, as well as Executive Education and multiple certificate programs. The SMU Cox international alumni network includes chapters in more than 20 countries.

About SMU

SMU is a nationally ranked private university in Dallas founded 100 years ago. Today, SMU enrolls nearly 11,000 students who benefit from the academic opportunities and international reach of seven degree-granting schools.

About HITRUST

The Health Information Trust Alliance (HITRUST) was born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST, in collaboration with healthcare, business, technology and information privacy, risk and security leaders, has established a number of programs to support any and all organizations that create, access, store or exchange personal health and financial information. HITRUST is supporting the industry through its framework, assurance program, cyber center, risk management tools, education and leadership. It is also driving the widespread confidence in the industry’s safeguarding of health information through awareness, education, advocacy and other outreach activities. For more information, visit www.HITRUSTalliance.net.

All product and company names herein may be trademarks of their respective owners.

1 Innovation Insight: Digital Business Innovation Risk Will Bring About the Rise of the Digital Risk Officer," Published: 18 June 2014, Analyst(s): Paul E. Proctor | Earl Perkins | Andrew Walls.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Recently, REAN Cloud built a digital concierge for a North Carolina hospital that had observed that most patient call button questions were repetitive. In addition, the paper-based process used to measure patient health metrics was laborious, not in real-time and sometimes error-prone. In their session at 21st Cloud Expo, Sean Finnerty, Executive Director, Practice Lead, Health Care & Life Science at REAN Cloud, and Dr. S.P.T. Krishnan, Principal Architect at REAN Cloud, discussed how they built...
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, led attendees through the exciting evolution of the cloud. He looked at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering m...
Mobile device usage has increased exponentially during the past several years, as consumers rely on handhelds for everything from news and weather to banking and purchases. What can we expect in the next few years? The way in which we interact with our devices will fundamentally change, as businesses leverage Artificial Intelligence. We already see this taking shape as businesses leverage AI for cost savings and customer responsiveness. This trend will continue, as AI is used for more sophistica...
The “Digital Era” is forcing us to engage with new methods to build, operate and maintain applications. This transformation also implies an evolution to more and more intelligent applications to better engage with the customers, while creating significant market differentiators. In both cases, the cloud has become a key enabler to embrace this digital revolution. So, moving to the cloud is no longer the question; the new questions are HOW and WHEN. To make this equation even more complex, most ...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and simple way to introduce Machine Leaning to anyone and everyone. He solved a machine learning problem and demonstrated an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intelligence and B...
Blockchain is a shared, secure record of exchange that establishes trust, accountability and transparency across business networks. Supported by the Linux Foundation's open source, open-standards based Hyperledger Project, Blockchain has the potential to improve regulatory compliance, reduce cost as well as advance trade. Are you curious about how Blockchain is built for business? In her session at 21st Cloud Expo, René Bostic, Technical VP of the IBM Cloud Unit in North America, discussed the b...
The past few years have brought a sea change in the way applications are architected, developed, and consumed—increasing both the complexity of testing and the business impact of software failures. How can software testing professionals keep pace with modern application delivery, given the trends that impact both architectures (cloud, microservices, and APIs) and processes (DevOps, agile, and continuous delivery)? This is where continuous testing comes in. D
SYS-CON Events announced today that Synametrics Technologies will exhibit at SYS-CON's 22nd International Cloud Expo®, which will take place on June 5-7, 2018, at the Javits Center in New York, NY. Synametrics Technologies is a privately held company based in Plainsboro, New Jersey that has been providing solutions for the developer community since 1997. Based on the success of its initial product offerings such as WinSQL, Xeams, SynaMan and Syncrify, Synametrics continues to create and hone in...
With tough new regulations coming to Europe on data privacy in May 2018, Calligo will explain why in reality the effect is global and transforms how you consider critical data. EU GDPR fundamentally rewrites the rules for cloud, Big Data and IoT. In his session at 21st Cloud Expo, Adam Ryan, Vice President and General Manager EMEA at Calligo, examined the regulations and provided insight on how it affects technology, challenges the established rules and will usher in new levels of diligence arou...
Nordstrom is transforming the way that they do business and the cloud is the key to enabling speed and hyper personalized customer experiences. In his session at 21st Cloud Expo, Ken Schow, VP of Engineering at Nordstrom, discussed some of the key learnings and common pitfalls of large enterprises moving to the cloud. This includes strategies around choosing a cloud provider(s), architecture, and lessons learned. In addition, he covered some of the best practices for structured team migration an...
As you move to the cloud, your network should be efficient, secure, and easy to manage. An enterprise adopting a hybrid or public cloud needs systems and tools that provide: Agility: ability to deliver applications and services faster, even in complex hybrid environments Easier manageability: enable reliable connectivity with complete oversight as the data center network evolves Greater efficiency: eliminate wasted effort while reducing errors and optimize asset utilization Security: imple...
No hype cycles or predictions of a gazillion things here. IoT is here. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, an Associate Partner of Analytics, IoT & Cybersecurity at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He also discussed the evaluation of communication standards and IoT messaging protocols, data...
Companies are harnessing data in ways we once associated with science fiction. Analysts have access to a plethora of visualization and reporting tools, but considering the vast amount of data businesses collect and limitations of CPUs, end users are forced to design their structures and systems with limitations. Until now. As the cloud toolkit to analyze data has evolved, GPUs have stepped in to massively parallel SQL, visualization and machine learning.
The 22nd International Cloud Expo | 1st DXWorld Expo has announced that its Call for Papers is open. Cloud Expo | DXWorld Expo, to be held June 5-7, 2018, at the Javits Center in New York, NY, brings together Cloud Computing, Digital Transformation, Big Data, Internet of Things, DevOps, Machine Learning and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding busin...
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is foundational - something customers routinely cite as a top pain point. In his session at @DevOpsSummit at 21st Cloud Expo, Bill Borsari, Head of Systems Engineering at Datera, explored how organizations can reap the bene...