Welcome!

News Feed Item

The New Healthcare Vulnerability: Closing the Cybersecurity Leadership Gap

HITRUST, in partnership with Southern Methodist University’s (SMU) Cox School of Business, today announced the first Healthcare Information Security and Technology Risk Management Graduate Certificate Program. This new program was founded to address the evolving role of Chief Information Security Officers (CISOs) and Chief Technology Risk Officers (CTROs) within healthcare organizations by providing security and risk professionals the industry-specific skills and competencies lacking today and needed to advance into these senior leadership positions. With the rise of digital risks throughout healthcare organizations, these gaps in talent are proving more troubling than technical gaps.

A high-profile faculty of professors from SMU’s Cox School of Business and Lyle School of Engineering will lead and govern the new program, as well as selected adjunct professors representing CISOs, CIOs and other senior-level executives from leading healthcare companies. Please see details regarding program leaders and oversight committee members below.

The exploding volume of sensitive electronic information in the healthcare industry, coupled with the need for instant access to information across devices and geographies, has magnified cybersecurity threats to these organizations. In fact a privacy breach on the scale of retailer Target’s is anticipated, according to health information security experts. At the same time, regulatory compliance scrutiny and fines as well as competitive pressures to innovate in a fast-paced digital economy are increasing. This risk environment is evolving at a much faster pace than security teams can keep up. As a result healthcare organizations are being forced to redefine and expand and structure of the CISO and CTRO role and the demand being placed on those executives who occupy the position, creating a gap between the demands of the job and the skills by those holding the positions. Yet the resources and formal programs available to help mature and enhance the skills have not been available.

This trend parallels predictions by security industry analysts. In fact, By 2017, 1/3 of large enterprises engaging in digital business will have a Digital Risk Officer or equivalent according to Gartner1.

"Digital risk officers (DROs) will require a mix of business acumen and understanding with sufficient technical knowledge to assess and make recommendations for appropriately addressing digital business risk," wrote Paul Proctor et al., vice president and distinguished analyst at Gartner. "Many traditional security officers will change their titles to digital risk and security officers, but without material change in their scope, mandate, and skills they will not fulfill this role as we are defining it."

The Healthcare Information Security and Technology Risk Management Graduate Certificate Program addresses the major lack of relevant curriculum to develop these complex roles as well as a lack of relevant credentials that prospective employers can use to identify candidates. Unlike other certificates and courses today that are primarily basic or technical, the program addresses the gap for healthcare-specific information security technology, leadership and business-level management paths. Individuals passing the exam will receive a certificate in Healthcare Information Security and Technology Risk Management (CHISTRM).

The curriculum will span a range of topics including:

  • Information technology and security challenges in a healthcare environment
  • How to create a culture of security and privacy
  • IT leadership and dealing with privacy and ethics issues
  • Impact of industry, state and national regulations and policies
  • Economics of information security and risk management
  • IT security within business processes, and the IT infrastructure
  • Project management
  • Risk assessment and management methodology

Classes will be held quarterly at SMU starting in October 2014. Admission to the fellowship program will be based on nomination by the applicant’s senior management (CIO, CISO, etc.). Individuals interested in participating will also have to complete an application, meet the minimum education and experience requirements in information security and IT management and computer science. For more information on the program or the application process please visit: http://www.cox.smu.edu/web/certificate-on-healthcare-information-risk-management/chistrm.

Program Leaders

Amit Basu Ph.D. Professor, Carr P Collins Chair in MIS, ITOM Dept
Chair and Fred Chang, Director, of SMU Lyle’s Darwin Deason Institute for Cyber Security
Bobby B. Lyle Centennial Distinguished Chair in Cyber Security Professor

Program Oversight Committee

Sharon Finney, Corporate Data Security Officer, Adventist Health System
Erick Rudiak, vice president and CISO, Express Scripts
Robert Booker, vice president and CISO, United Health Group
Jon Moore, vice president and CISO, Humana
Roy Mellinger, vice president and CISO, WellPoint
Michael Wilson, vice president and CISO, McKesson
David Muntz, senior vice president and CIO, GetWellNetwork
Pamela Arora, senior vice president and CIO, Children’s Medical Center
Patrick Joyce, vice president, Global IT, Chief Security and Privacy Officer, Medtronic
Jorge D. DeCesare, vice president and Chief Information Security Officer, Dignity Health

Supporting Quotes

“Healthcare is a risk-sensitive, information-driven endeavor. The digitization of data across the healthcare continuum raises concerns about security and privacy. This new certificate program will provide an opportunity to share insights and experiences that will help those who have newer and broader responsibilities prepare the increasingly complex healthcare enterprise for the future.”
-David S. Muntz, CHCIO, FCHIME, LCHIME, FHIMSS, SVP & CIO, GetWellNetwork

“Successful healthcare industry CISOs in today’s connected digital economy need not only technical expertise but also business knowledge, to work effectively with CXOs on increasingly critical information security and risk management issues. That is the focus of the CHISTRM program.”
-Amit Basu Ph.D., Professor, Carr P Collins Chair in MIS, ITOM - Dept. Chair

“New regulations tied to the Affordable Care Act are now in effect regarding protected health information and electronic health records, which only underscores the need for data security to ensure privacy among patients. Cyberspace can be a pretty bad neighborhood, with too few barriers standing between hackers and their targets. Healthcare providers recognize that data security is of vital importance to their business.”
-Fred Chang, Director of Darwin Deason Institute for Cyber Security Bobby B. Lyle Endowed Centennial Distinguished Chair in Cyber Security at the Lyle School of Engineering, SMU

“HITRUST is engaged with all types and sizes of organizations in the industry and has substantial insights into their information protection practices and the impact a properly educated and trained information security leaders can have on the organization. The industry needs to invest in the CISOs and CTROs of the future to ensure the protection of vital information assets and systems, and maintain consumer confidence.”
-Daniel Nutkis, CEO, HITRUST

About SMU Cox

SMU's Cox School of Business, originally established in Dallas in 1920 and named in honor of benefactor Edwin L. Cox in 1978, offers a full range of undergraduate and graduate business education programs. Among them: BBA, Full-Time MBA, Professional MBA (PMBA), Executive MBA (EMBA), Master of Science in Accounting, Master of Science in Business Analytics, Master of Science in Entrepreneurship, Master of Science in Finance, Master of Science in Management, Master of Science in Sport Management, as well as Executive Education and multiple certificate programs. The SMU Cox international alumni network includes chapters in more than 20 countries.

About SMU

SMU is a nationally ranked private university in Dallas founded 100 years ago. Today, SMU enrolls nearly 11,000 students who benefit from the academic opportunities and international reach of seven degree-granting schools.

About HITRUST

The Health Information Trust Alliance (HITRUST) was born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST, in collaboration with healthcare, business, technology and information privacy, risk and security leaders, has established a number of programs to support any and all organizations that create, access, store or exchange personal health and financial information. HITRUST is supporting the industry through its framework, assurance program, cyber center, risk management tools, education and leadership. It is also driving the widespread confidence in the industry’s safeguarding of health information through awareness, education, advocacy and other outreach activities. For more information, visit www.HITRUSTalliance.net.

All product and company names herein may be trademarks of their respective owners.

1 Innovation Insight: Digital Business Innovation Risk Will Bring About the Rise of the Digital Risk Officer," Published: 18 June 2014, Analyst(s): Paul E. Proctor | Earl Perkins | Andrew Walls.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
"Venafi has a platform that allows you to manage, centralize and automate the complete life cycle of keys and certificates within the organization," explained Gina Osmond, Sr. Field Marketing Manager at Venafi, in this SYS-CON.tv interview at DevOps at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Michael Maximilien, better known as max or Dr. Max, is a computer scientist with IBM. At IBM Research Triangle Park, he was a principal engineer for the worldwide industry point-of-sale standard: JavaPOS. At IBM Research, some highlights include pioneering research on semantic Web services, mashups, and cloud computing, and platform-as-a-service. He joined the IBM Cloud Labs in 2014 and works closely with Pivotal Inc., to help make the Cloud Found the best PaaS.
Creating replica copies to tolerate a certain number of failures is easy, but very expensive at cloud-scale. Conventional RAID has lower overhead, but it is limited in the number of failures it can tolerate. And the management is like herding cats (overseeing capacity, rebuilds, migrations, and degraded performance). In his general session at 18th Cloud Expo, Scott Cleland, Senior Director of Product Marketing for the HGST Cloud Infrastructure Business Unit, discussed how a new approach is neces...
"This week we're really focusing on scalability, asset preservation and how do you back up to the cloud and in the cloud with object storage, which is really a new way of attacking dealing with your file, your blocked data, where you put it and how you access it," stated Jeff Greenwald, Senior Director of Market Development at HGST, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
"Evatronix provides design services to companies that need to integrate the IoT technology in their products but they don't necessarily have the expertise, knowledge and design team to do so," explained Adam Morawiec, VP of Business Development at Evatronix, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
"I focus on what we are calling CAST Highlight, which is our SaaS application portfolio analysis tool. It is an extremely lightweight tool that can integrate with pretty much any build process right now," explained Andrew Siegmund, Application Migration Specialist for CAST, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
The Founder of NostaLab and a member of the Google Health Advisory Board, John is a unique combination of strategic thinker, marketer and entrepreneur. His career was built on the "science of advertising" combining strategy, creativity and marketing for industry-leading results. Combined with his ability to communicate complicated scientific concepts in a way that consumers and scientists alike can appreciate, John is a sought-after speaker for conferences on the forefront of healthcare science,...
"We work around really protecting the confidentiality of information, and by doing so we've developed implementations of encryption through a patented process that is known as superencipherment," explained Richard Blech, CEO of Secure Channels Inc., in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
"Software-defined storage is a big problem in this industry because so many people have different definitions as they see fit to use it," stated Peter McCallum, VP of Datacenter Solutions at FalconStor Software, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
"Our strategy is to focus on the hyperscale providers - AWS, Azure, and Google. Over the last year we saw that a lot of developers need to learn how to do their job in the cloud and we see this DevOps movement that we are catering to with our content," stated Alessandro Fasan, Head of Global Sales at Cloud Academy, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
"We're focused on how to get some of the attributes that you would expect from an Amazon, Azure, Google, and doing that on-prem. We believe today that you can actually get those types of things done with certain architectures available in the market today," explained Steve Conner, VP of Sales at Cloudistics, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
As organizations shift towards IT-as-a-service models, the need for managing and protecting data residing across physical, virtual, and now cloud environments grows with it. Commvault can ensure protection, access and E-Discovery of your data – whether in a private cloud, a Service Provider delivered public cloud, or a hybrid cloud environment – across the heterogeneous enterprise. In his general session at 18th Cloud Expo, Randy De Meno, Chief Technologist - Windows Products and Microsoft Part...