Building Cyber Resilience in Healthcare: Key Strategies with Tommy West of CereCore

Summary

Podcast Summary: Building Cyber Resilience in Healthcare: Key Strategies with Tommy West of CereCore

Becker’s Healthcare Podcast released an insightful episode on August 6, 2025, titled "Building Cyber Resilience in Healthcare: Key Strategies with Tommy West of CereCore." Hosted by Brian Zimmerman, the episode delves into essential strategies healthcare leaders can employ to bolster their cybersecurity defenses amidst an increasingly intricate threat landscape. Tommy West, Enterprise Fellow Security Architecture at CereCore, shares his expertise on effectively navigating and mitigating cyber threats within the healthcare sector.

1. Key Focus Areas for Strengthening Cybersecurity

Tommy West emphasizes that understanding the primary threats is foundational to enhancing cybersecurity. He identifies the main culprits behind breaches as compromised credentials, user-run malware, and unpatched vulnerabilities, especially in external-facing systems.

Human Element Focus: West advocates for prioritizing the human aspect of cybersecurity. He suggests implementing continuous adaptive training that moves beyond traditional annual modules to include microlearning, gamification, and tailored phishing simulations. "Encourage employees to report suspicious activities and give them clear, easy to use channels for doing so" ([00:43] B).
Privileged Access Management: Restricting administrative access to only necessary personnel and implementing strong authentication for privileged accounts are crucial steps. West advises practicing robust identity and access hygiene across the organization.
Data-Centric Security: With healthcare data being a prime target, West recommends establishing a comprehensive data management program. This involves understanding data locations, classifying sensitive information, and utilizing Data Loss Prevention (DLP) tools to prevent unauthorized data exfiltration.
Zero Trust Architecture: Adopting a zero-trust approach means no user, device, or application is trusted by default. Continuous verification of identities, device postures, and access privileges is essential.
API Security: Given that a significant portion of internet traffic involves APIs, West underscores the importance of securing API channels through gateways, strict access controls, and continuous monitoring for vulnerabilities. "In the healthcare space we leverage a lot of third party services and use APIs for data exchange" ([02:00] B).

2. Tailoring Cybersecurity Strategies to Healthcare Operations

Recognizing that each healthcare organization has unique operational and regulatory requirements, West provides strategies to customize cybersecurity measures accordingly.

Prioritizing Patient Care Continuity: Cyber incidents can disrupt critical operations like surgeries and patient monitoring. West advises conducting clinical impact assessments to prioritize security controls that safeguard essential clinical systems. "Cyber strategy should prioritize clinical continuity and operational resilience first" ([04:25] B).
Navigating Regulatory Complexities: Healthcare organizations must adhere to various data privacy regulations such as HIPAA, GDPR, and CCPA. Implementing a data management program that includes data mapping and classification is vital for compliance. "Strategies need to account for where data resides, whether that's on-prem or in the cloud" ([04:25] B).
Ensuring Operational Resilience: Beyond IT systems, strategies should encompass clinical operations, physical facilities, and supply chain resilience. Technological solutions like immutable backups and off-site data vaults facilitate rapid recovery from disruptions.
Vendor Risk Management: Given the reliance on third-party vendors, West highlights the necessity of a comprehensive vendor risk management program. This includes requiring vendors to demonstrate security control effectiveness through independent audits and ensuring contractual security clauses are in place.

3. Managing Risks of Medical and Connected Devices

Medical and IoT devices present significant entry points for cyber threats. West outlines best practices to manage these risks effectively.

Comprehensive Device Inventory: Maintaining an up-to-date inventory of all connected devices, including their IP addresses, firmware versions, and network connectivity, is fundamental. "You need a dynamic, continuously updated inventory of all connected devices" ([07:49] B).
Network Segmentation: Isolating medical devices from other networks limits potential attack vectors. For devices that cannot be patched, strict isolation or micro-segmentation within clinical areas is recommended.
Continuous Vulnerability Management: Regularly reviewing security advisories and collaborating with device manufacturers to understand patching capabilities ensures vulnerabilities are promptly addressed.
Behavioral Anomaly Detection: Implementing specialized IoMT security platforms to monitor device behavior for anomalies helps in early detection of potential threats. "Monitoring their behavior is crucial" ([07:49] B).

4. Communicating Cybersecurity Posture to Organizational Leaders

Effective communication with boards and governance committees is essential for securing buy-in and adequate cybersecurity investments.

Shift in Messaging: West advocates for framing cybersecurity as an enabler of patient care and operational resilience rather than merely a defensive measure. "Move the cybersecurity conversation from being a call center to an enabler of patient care" ([11:12] B).
Key Metrics to Present:
- Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR): Showcasing improvements in these metrics demonstrates enhanced visibility and incident response capabilities.
- Enterprise Risk Management: Presenting a quantified view of cyber risk in relation to the organization's risk appetite helps boards understand the business impact of vulnerabilities.
- Security Control Effectiveness: Metrics such as patch compliance rates and multi-factor authentication adoption rates provide tangible evidence of security posture.
- Incident Response Readiness: Sharing outcomes from tabletop exercises and remediation progress highlights proactive preparedness and continuous improvement.

5. Final Thoughts: Emphasizing Cybersecurity Fundamentals

In concluding the discussion, West reiterates the importance of adhering to cybersecurity fundamentals. Strong authentication, multi-factor authentication, encryption, and robust vulnerability management are cornerstones of an effective security strategy. "Keep focused on the fundamentals. Strong authentication, multi factor authentication, encryption, vulnerability management, all of those core capabilities really make the difference" ([15:11] B).

Tommy West's comprehensive insights provide healthcare leaders with actionable strategies to enhance their cybersecurity resilience. By focusing on the human element, prioritizing critical assets, managing device risks, and effectively communicating with organizational leaders, healthcare institutions can navigate the complex cyber threat landscape with greater confidence and preparedness.

Summary

Podcast Summary: Building Cyber Resilience in Healthcare: Key Strategies with Tommy West of CereCore

1. Key Focus Areas for Strengthening Cybersecurity

Human Element Focus: West advocates for prioritizing the human aspect of cybersecurity. He suggests implementing continuous adaptive training that moves beyond traditional annual modules to include microlearning, gamification, and tailored phishing simulations. "Encourage employees to report suspicious activities and give them clear, easy to use channels for doing so" ([00:43] B).
Privileged Access Management: Restricting administrative access to only necessary personnel and implementing strong authentication for privileged accounts are crucial steps. West advises practicing robust identity and access hygiene across the organization.
Data-Centric Security: With healthcare data being a prime target, West recommends establishing a comprehensive data management program. This involves understanding data locations, classifying sensitive information, and utilizing Data Loss Prevention (DLP) tools to prevent unauthorized data exfiltration.
Zero Trust Architecture: Adopting a zero-trust approach means no user, device, or application is trusted by default. Continuous verification of identities, device postures, and access privileges is essential.
API Security: Given that a significant portion of internet traffic involves APIs, West underscores the importance of securing API channels through gateways, strict access controls, and continuous monitoring for vulnerabilities. "In the healthcare space we leverage a lot of third party services and use APIs for data exchange" ([02:00] B).

2. Tailoring Cybersecurity Strategies to Healthcare Operations

Recognizing that each healthcare organization has unique operational and regulatory requirements, West provides strategies to customize cybersecurity measures accordingly.

Prioritizing Patient Care Continuity: Cyber incidents can disrupt critical operations like surgeries and patient monitoring. West advises conducting clinical impact assessments to prioritize security controls that safeguard essential clinical systems. "Cyber strategy should prioritize clinical continuity and operational resilience first" ([04:25] B).
Navigating Regulatory Complexities: Healthcare organizations must adhere to various data privacy regulations such as HIPAA, GDPR, and CCPA. Implementing a data management program that includes data mapping and classification is vital for compliance. "Strategies need to account for where data resides, whether that's on-prem or in the cloud" ([04:25] B).
Ensuring Operational Resilience: Beyond IT systems, strategies should encompass clinical operations, physical facilities, and supply chain resilience. Technological solutions like immutable backups and off-site data vaults facilitate rapid recovery from disruptions.
Vendor Risk Management: Given the reliance on third-party vendors, West highlights the necessity of a comprehensive vendor risk management program. This includes requiring vendors to demonstrate security control effectiveness through independent audits and ensuring contractual security clauses are in place.

3. Managing Risks of Medical and Connected Devices

Medical and IoT devices present significant entry points for cyber threats. West outlines best practices to manage these risks effectively.

Comprehensive Device Inventory: Maintaining an up-to-date inventory of all connected devices, including their IP addresses, firmware versions, and network connectivity, is fundamental. "You need a dynamic, continuously updated inventory of all connected devices" ([07:49] B).
Network Segmentation: Isolating medical devices from other networks limits potential attack vectors. For devices that cannot be patched, strict isolation or micro-segmentation within clinical areas is recommended.
Continuous Vulnerability Management: Regularly reviewing security advisories and collaborating with device manufacturers to understand patching capabilities ensures vulnerabilities are promptly addressed.
Behavioral Anomaly Detection: Implementing specialized IoMT security platforms to monitor device behavior for anomalies helps in early detection of potential threats. "Monitoring their behavior is crucial" ([07:49] B).

4. Communicating Cybersecurity Posture to Organizational Leaders

Effective communication with boards and governance committees is essential for securing buy-in and adequate cybersecurity investments.

Shift in Messaging: West advocates for framing cybersecurity as an enabler of patient care and operational resilience rather than merely a defensive measure. "Move the cybersecurity conversation from being a call center to an enabler of patient care" ([11:12] B).
Key Metrics to Present:
- Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR): Showcasing improvements in these metrics demonstrates enhanced visibility and incident response capabilities.
- Enterprise Risk Management: Presenting a quantified view of cyber risk in relation to the organization's risk appetite helps boards understand the business impact of vulnerabilities.
- Security Control Effectiveness: Metrics such as patch compliance rates and multi-factor authentication adoption rates provide tangible evidence of security posture.
- Incident Response Readiness: Sharing outcomes from tabletop exercises and remediation progress highlights proactive preparedness and continuous improvement.

wavePod

Powered by Wave AI

Summary

1. Key Focus Areas for Strengthening Cybersecurity

2. Tailoring Cybersecurity Strategies to Healthcare Operations

3. Managing Risks of Medical and Connected Devices

4. Communicating Cybersecurity Posture to Organizational Leaders

5. Final Thoughts: Emphasizing Cybersecurity Fundamentals

Summary

1. Key Focus Areas for Strengthening Cybersecurity

2. Tailoring Cybersecurity Strategies to Healthcare Operations

3. Managing Risks of Medical and Connected Devices

4. Communicating Cybersecurity Posture to Organizational Leaders

5. Final Thoughts: Emphasizing Cybersecurity Fundamentals