Welcome!

News Feed Item

The New Healthcare Vulnerability: Closing the Cybersecurity Leadership Gap

HITRUST, in partnership with Southern Methodist University’s (SMU) Cox School of Business, today announced the first Healthcare Information Security and Technology Risk Management Graduate Certificate Program. This new program was founded to address the evolving role of Chief Information Security Officers (CISOs) and Chief Technology Risk Officers (CTROs) within healthcare organizations by providing security and risk professionals the industry-specific skills and competencies lacking today and needed to advance into these senior leadership positions. With the rise of digital risks throughout healthcare organizations, these gaps in talent are proving more troubling than technical gaps.

A high-profile faculty of professors from SMU’s Cox School of Business and Lyle School of Engineering will lead and govern the new program, as well as selected adjunct professors representing CISOs, CIOs and other senior-level executives from leading healthcare companies. Please see details regarding program leaders and oversight committee members below.

The exploding volume of sensitive electronic information in the healthcare industry, coupled with the need for instant access to information across devices and geographies, has magnified cybersecurity threats to these organizations. In fact a privacy breach on the scale of retailer Target’s is anticipated, according to health information security experts. At the same time, regulatory compliance scrutiny and fines as well as competitive pressures to innovate in a fast-paced digital economy are increasing. This risk environment is evolving at a much faster pace than security teams can keep up. As a result healthcare organizations are being forced to redefine and expand and structure of the CISO and CTRO role and the demand being placed on those executives who occupy the position, creating a gap between the demands of the job and the skills by those holding the positions. Yet the resources and formal programs available to help mature and enhance the skills have not been available.

This trend parallels predictions by security industry analysts. In fact, By 2017, 1/3 of large enterprises engaging in digital business will have a Digital Risk Officer or equivalent according to Gartner1.

"Digital risk officers (DROs) will require a mix of business acumen and understanding with sufficient technical knowledge to assess and make recommendations for appropriately addressing digital business risk," wrote Paul Proctor et al., vice president and distinguished analyst at Gartner. "Many traditional security officers will change their titles to digital risk and security officers, but without material change in their scope, mandate, and skills they will not fulfill this role as we are defining it."

The Healthcare Information Security and Technology Risk Management Graduate Certificate Program addresses the major lack of relevant curriculum to develop these complex roles as well as a lack of relevant credentials that prospective employers can use to identify candidates. Unlike other certificates and courses today that are primarily basic or technical, the program addresses the gap for healthcare-specific information security technology, leadership and business-level management paths. Individuals passing the exam will receive a certificate in Healthcare Information Security and Technology Risk Management (CHISTRM).

The curriculum will span a range of topics including:

  • Information technology and security challenges in a healthcare environment
  • How to create a culture of security and privacy
  • IT leadership and dealing with privacy and ethics issues
  • Impact of industry, state and national regulations and policies
  • Economics of information security and risk management
  • IT security within business processes, and the IT infrastructure
  • Project management
  • Risk assessment and management methodology

Classes will be held quarterly at SMU starting in October 2014. Admission to the fellowship program will be based on nomination by the applicant’s senior management (CIO, CISO, etc.). Individuals interested in participating will also have to complete an application, meet the minimum education and experience requirements in information security and IT management and computer science. For more information on the program or the application process please visit: http://www.cox.smu.edu/web/certificate-on-healthcare-information-risk-management/chistrm.

Program Leaders

Amit Basu Ph.D. Professor, Carr P Collins Chair in MIS, ITOM Dept
Chair and Fred Chang, Director, of SMU Lyle’s Darwin Deason Institute for Cyber Security
Bobby B. Lyle Centennial Distinguished Chair in Cyber Security Professor

Program Oversight Committee

Sharon Finney, Corporate Data Security Officer, Adventist Health System
Erick Rudiak, vice president and CISO, Express Scripts
Robert Booker, vice president and CISO, United Health Group
Jon Moore, vice president and CISO, Humana
Roy Mellinger, vice president and CISO, WellPoint
Michael Wilson, vice president and CISO, McKesson
David Muntz, senior vice president and CIO, GetWellNetwork
Pamela Arora, senior vice president and CIO, Children’s Medical Center
Patrick Joyce, vice president, Global IT, Chief Security and Privacy Officer, Medtronic
Jorge D. DeCesare, vice president and Chief Information Security Officer, Dignity Health

Supporting Quotes

“Healthcare is a risk-sensitive, information-driven endeavor. The digitization of data across the healthcare continuum raises concerns about security and privacy. This new certificate program will provide an opportunity to share insights and experiences that will help those who have newer and broader responsibilities prepare the increasingly complex healthcare enterprise for the future.”
-David S. Muntz, CHCIO, FCHIME, LCHIME, FHIMSS, SVP & CIO, GetWellNetwork

“Successful healthcare industry CISOs in today’s connected digital economy need not only technical expertise but also business knowledge, to work effectively with CXOs on increasingly critical information security and risk management issues. That is the focus of the CHISTRM program.”
-Amit Basu Ph.D., Professor, Carr P Collins Chair in MIS, ITOM - Dept. Chair

“New regulations tied to the Affordable Care Act are now in effect regarding protected health information and electronic health records, which only underscores the need for data security to ensure privacy among patients. Cyberspace can be a pretty bad neighborhood, with too few barriers standing between hackers and their targets. Healthcare providers recognize that data security is of vital importance to their business.”
-Fred Chang, Director of Darwin Deason Institute for Cyber Security Bobby B. Lyle Endowed Centennial Distinguished Chair in Cyber Security at the Lyle School of Engineering, SMU

“HITRUST is engaged with all types and sizes of organizations in the industry and has substantial insights into their information protection practices and the impact a properly educated and trained information security leaders can have on the organization. The industry needs to invest in the CISOs and CTROs of the future to ensure the protection of vital information assets and systems, and maintain consumer confidence.”
-Daniel Nutkis, CEO, HITRUST

About SMU Cox

SMU's Cox School of Business, originally established in Dallas in 1920 and named in honor of benefactor Edwin L. Cox in 1978, offers a full range of undergraduate and graduate business education programs. Among them: BBA, Full-Time MBA, Professional MBA (PMBA), Executive MBA (EMBA), Master of Science in Accounting, Master of Science in Business Analytics, Master of Science in Entrepreneurship, Master of Science in Finance, Master of Science in Management, Master of Science in Sport Management, as well as Executive Education and multiple certificate programs. The SMU Cox international alumni network includes chapters in more than 20 countries.

About SMU

SMU is a nationally ranked private university in Dallas founded 100 years ago. Today, SMU enrolls nearly 11,000 students who benefit from the academic opportunities and international reach of seven degree-granting schools.

About HITRUST

The Health Information Trust Alliance (HITRUST) was born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST, in collaboration with healthcare, business, technology and information privacy, risk and security leaders, has established a number of programs to support any and all organizations that create, access, store or exchange personal health and financial information. HITRUST is supporting the industry through its framework, assurance program, cyber center, risk management tools, education and leadership. It is also driving the widespread confidence in the industry’s safeguarding of health information through awareness, education, advocacy and other outreach activities. For more information, visit www.HITRUSTalliance.net.

All product and company names herein may be trademarks of their respective owners.

1 Innovation Insight: Digital Business Innovation Risk Will Bring About the Rise of the Digital Risk Officer," Published: 18 June 2014, Analyst(s): Paul E. Proctor | Earl Perkins | Andrew Walls.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
While some developers care passionately about how data centers and clouds are architected, for most, it is only the end result that matters. To the majority of companies, technology exists to solve a business problem, and only delivers value when it is solving that problem. 2017 brings the mainstream adoption of containers for production workloads. In his session at 21st Cloud Expo, Ben McCormack, VP of Operations at Evernote, will discuss how data centers of the future will be managed, how th...
SYS-CON Events announced today that SIGMA Corporation will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. uLaser flow inspection device from the Japanese top share to Global Standard! Then, make the best use of data to flip to next page. For more information, visit http://www.sigma-k.co.jp/en/.
Enterprises are moving to the cloud faster than most of us in security expected. CIOs are going from 0 to 100 in cloud adoption and leaving security teams in the dust. Once cloud is part of an enterprise stack, it’s unclear who has responsibility for the protection of applications, services, and data. When cloud breaches occur, whether active compromise or a publicly accessible database, the blame must fall on both service providers and users. In his session at 21st Cloud Expo, Ben Johnson, C...
SYS-CON Events announced today that Suzuki Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Suzuki Inc. is a semiconductor-related business, including sales of consuming parts, parts repair, and maintenance for semiconductor manufacturing machines, etc. It is also a health care business providing experimental research for...
SYS-CON Events announced today that Ryobi Systems will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Ryobi Systems Co., Ltd., as an information service company, specialized in business support for local governments and medical industry. We are challenging to achive the precision farming with AI. For more information, visit http:...
SYS-CON Events announced today that NetApp has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. NetApp is the data authority for hybrid cloud. NetApp provides a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with their partners, NetApp em...
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Me...
SYS-CON Events announced today that B2Cloud will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. B2Cloud specializes in IoT devices for preventive and predictive maintenance in any kind of equipment retrieving data like Energy consumption, working time, temperature, humidity, pressure, etc.
Today companies are looking to achieve cloud-first digital agility to reduce time-to-market, optimize utilization of resources, and rapidly deliver disruptive business solutions. However, leveraging the benefits of cloud deployments can be complicated for companies with extensive legacy computing environments. In his session at 21st Cloud Expo, Craig Sproule, founder and CEO of Metavine, will outline the challenges enterprises face in migrating legacy solutions to the cloud. He will also prese...
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists examined how DevOps helps to meet the de...
Cloud Expo, Inc. has announced today that Andi Mann and Aruna Ravichandran have been named Co-Chairs of @DevOpsSummit at Cloud Expo Silicon Valley which will take place Oct. 31-Nov. 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. "DevOps is at the intersection of technology and business-optimizing tools, organizations and processes to bring measurable improvements in productivity and profitability," said Aruna Ravichandran, vice president, DevOps product and solutions marketing...
SYS-CON Events announced today that mruby Forum will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. mruby is the lightweight implementation of the Ruby language. We introduce mruby and the mruby IoT framework that enhances development productivity. For more information, visit http://forum.mruby.org/.
Most of the time there is a lot of work involved to move to the cloud, and most of that isn't really related to AWS or Azure or Google Cloud. Before we talk about public cloud vendors and DevOps tools, there are usually several technical and non-technical challenges that are connected to it and that every company needs to solve to move to the cloud. In his session at 21st Cloud Expo, Stefano Bellasio, CEO and founder of Cloud Academy Inc., will discuss what the tools, disciplines, and cultural...
The “Digital Era” is forcing us to engage with new methods to build, operate and maintain applications. This transformation also implies an evolution to more and more intelligent applications to better engage with the customers, while creating significant market differentiators. In both cases, the cloud has become a key enabler to embrace this digital revolution. So, moving to the cloud is no longer the question; the new questions are HOW and WHEN. To make this equation even more complex, most ...