Podcast Summary

Episode Overview

Podcast: Becker’s Healthcare Podcast
Title: Greg Sieg on Building a Resilient Cybersecurity Program Across a Growing Health System
Date: February 10, 2026
Guest: Greg Sieg, Chief Information Security Officer at University of Michigan Health Regional Network
Host: Laura Dirdo

This episode features a candid and insightful discussion with Greg Sieg about the complexities and evolving challenges of building a resilient cybersecurity program, especially as health systems undergo rapid growth and integration through acquisitions. The conversation centers on balancing technology and people processes, prioritizing identity governance, navigating the unique challenges of healthcare expansion, and fostering strong interdepartmental relationships during organizational change.

Key Discussion Points & Insights

1. Greg Sieg's Professional Background and Current Role

Greg has over three years at the University of Michigan Health Regional Network, moving from help desk and support roles up to leadership, including experience at a rural health facility.
His current focus is on information security and integrating acquired healthcare entities into a standardized cyber framework.

“I have a background in IT and networking, security. Kind of worked my way up through the rankings…you wear quite a few hats, not just one, before I moved over to the university here.” (00:32)

2. Recent Initiatives and Ongoing Integration Projects

Major work last year involved integrating two acquired affiliates:
- Aligning different organizations under a single cybersecurity framework for consistent standards.
- Focused not only on tools, but also “culture” and communication between departments.
Emphasized the importance of a holistic approach involving both technology and people.

“It’s not just about tools. It’s about people and…building up, you know, a culture.” (01:23)

3. 2026 Priorities and Cybersecurity Headwinds

Main Focus: Identity Governance
- Managing identities across multiple systems (people and machines) to ensure security.
- Addressing challenges of deduplication and clean governance as organizations and vendor relationships grow.
- Importance of strong identity management to prevent bad actors from exploiting the system.
The Role of AI:
- Acknowledged fast-paced changes driven by AI in cybersecurity threats and defenses.

“If you don’t have your identity right, a lot of your tools are…hard just to say that they’re working right.” (03:16) “Right now you get a bad actor that gets a good identity. It’s very hard to track that down…” (03:58)

4. Structuring Governance Processes Uniquely

Single Pane of Glass: Effort towards unifying toolsets for better visibility across newly acquired entities.
Machine Identities: Increasing attention to securing non-human accounts (e.g., for devices, servers, applications), which require different protective measures and automated credentials management.

“…machine identities…have a lifecycle that is a little different than say, a human account…those are things we’re keenly looking at…” (05:18)

5. Persistent Challenges: The People Side

Social Engineering & Phishing:
The most persistent threat is not technical but human: social engineering attacks remain common and difficult to eliminate with tools alone.
Continuous Life Cycle
Cybersecurity is not a “set and forget” task but requires ongoing tuning and vigilance, relying heavily on current cyber threat intelligence.
Communication & Training:
Ongoing staff and patient education is essential, requiring balance and clear communication to ensure compliance without friction.

“Cyber is really a very continuous lifecycle. At the end of the day, we don’t get to go and put a tool in and then walk away and say, okay, the job’s done…” (07:27) “The people side is very subjective. That’s where…we still see a lot of social engineering, a lot of phishing.” (06:51)

6. Growth Opportunities and Risks

Expansion Beyond Hospital Walls:
- Organizational growth is increasingly outside core hospital settings, including ambulatory clinics, virtual care, and home-based care, often driven by AI and technology.
- This expansion complicates security perimeters and increases risk.
Role of Mergers & Acquisitions:
- Continuous M&A activity accelerates change and integration challenges for the cybersecurity program.
- Security must enable, not hinder, business growth.

“Healthcare is expanding…pretty rapidly right now, but it’s expanding outside of the hospital walls…We’re seeing new ambulatory clinics. We’re seeing a lot of virtual. We’re seeing AI playing a role in this as well, bringing a lot more care direct to the patient… And that makes it…a little bit harder [for cybersecurity]…” (09:34) “From the cyber side, I look at it, our job is making sure that as we do these, we’re doing the right pieces to keep us secure, to allow the business to do that organizational growth and feel confident…” (10:22)

7. Integration & Relationship-Building During Mergers

People and Relationships:
- Importance of respecting local cultures at acquired organizations, valuing their experience and input, and collaborating rather than imposing top-down mandates.
- Success in integration depends on building trust and partnering across all departments—not just IT.

“Healthcare’s very, very keen on people and relationships…I want to be looked as a partner that can come in and help. Because when you’re a barrier, people look to go around you versus when you’re a partner, people will come to you and ask you how they can proceed to the next step…” (11:30, 12:53)

Notable Quotes & Memorable Moments

On organizational culture:
“It's not just about tools. It's about people and...a culture.” (01:53; Greg Sieg)
On identity focus:
“If you don't have your identity right, a lot of your tools are...it's hard just to say that they're working right.” (03:54; Greg Sieg)
On continuous improvement:
“Cyber is really a very continuous life cycle. At the end of the day, we don't get to go and put a tool in and then walk away and say, okay, the job's done...” (07:27; Greg Sieg)
On being a partner, not a barrier:
“The last thing I want is to be looked at as a barrier...I want to be looked as a partner...” (12:53; Greg Sieg)

Timestamps for Important Segments

Background and role: 00:32 – 01:15
Recent integration initiatives: 01:23 – 02:43
2026 priorities, especially identity governance: 03:16 – 04:46
Unique governance strategies & challenges with machine identities: 05:18 – 06:43
The toughest challenge (people/processes/social engineering): 06:51 – 09:01
Opportunities and risks from organizational growth: 09:34 – 11:04
Integration challenges and the importance of relationships: 11:30 – 13:26

Conclusion

Greg Sieg emphasized the fundamentally human-centric nature of cybersecurity amidst rapid technological and organizational change. Building resilient programs relies as much on relationships, education, and cultural integration as on technology and frameworks. As health systems grow beyond traditional boundaries, successful security leadership adapts, partners with all stakeholders, and cultivates trust across the organization.

Podcast Summary

Episode Overview

Key Discussion Points & Insights

1. Greg Sieg's Professional Background and Current Role

Greg has over three years at the University of Michigan Health Regional Network, moving from help desk and support roles up to leadership, including experience at a rural health facility.
His current focus is on information security and integrating acquired healthcare entities into a standardized cyber framework.

“I have a background in IT and networking, security. Kind of worked my way up through the rankings…you wear quite a few hats, not just one, before I moved over to the university here.” (00:32)

2. Recent Initiatives and Ongoing Integration Projects

Major work last year involved integrating two acquired affiliates:
- Aligning different organizations under a single cybersecurity framework for consistent standards.
- Focused not only on tools, but also “culture” and communication between departments.
Emphasized the importance of a holistic approach involving both technology and people.

“It’s not just about tools. It’s about people and…building up, you know, a culture.” (01:23)

3. 2026 Priorities and Cybersecurity Headwinds

Main Focus: Identity Governance
- Managing identities across multiple systems (people and machines) to ensure security.
- Addressing challenges of deduplication and clean governance as organizations and vendor relationships grow.
- Importance of strong identity management to prevent bad actors from exploiting the system.
The Role of AI:
- Acknowledged fast-paced changes driven by AI in cybersecurity threats and defenses.

“If you don’t have your identity right, a lot of your tools are…hard just to say that they’re working right.” (03:16) “Right now you get a bad actor that gets a good identity. It’s very hard to track that down…” (03:58)

4. Structuring Governance Processes Uniquely

Single Pane of Glass: Effort towards unifying toolsets for better visibility across newly acquired entities.
Machine Identities: Increasing attention to securing non-human accounts (e.g., for devices, servers, applications), which require different protective measures and automated credentials management.

“…machine identities…have a lifecycle that is a little different than say, a human account…those are things we’re keenly looking at…” (05:18)

5. Persistent Challenges: The People Side

Social Engineering & Phishing:
The most persistent threat is not technical but human: social engineering attacks remain common and difficult to eliminate with tools alone.
Continuous Life Cycle
Cybersecurity is not a “set and forget” task but requires ongoing tuning and vigilance, relying heavily on current cyber threat intelligence.
Communication & Training:
Ongoing staff and patient education is essential, requiring balance and clear communication to ensure compliance without friction.

“Cyber is really a very continuous lifecycle. At the end of the day, we don’t get to go and put a tool in and then walk away and say, okay, the job’s done…” (07:27) “The people side is very subjective. That’s where…we still see a lot of social engineering, a lot of phishing.” (06:51)

6. Growth Opportunities and Risks

Expansion Beyond Hospital Walls:
- Organizational growth is increasingly outside core hospital settings, including ambulatory clinics, virtual care, and home-based care, often driven by AI and technology.
- This expansion complicates security perimeters and increases risk.
Role of Mergers & Acquisitions:
- Continuous M&A activity accelerates change and integration challenges for the cybersecurity program.
- Security must enable, not hinder, business growth.

“Healthcare is expanding…pretty rapidly right now, but it’s expanding outside of the hospital walls…We’re seeing new ambulatory clinics. We’re seeing a lot of virtual. We’re seeing AI playing a role in this as well, bringing a lot more care direct to the patient… And that makes it…a little bit harder [for cybersecurity]…” (09:34) “From the cyber side, I look at it, our job is making sure that as we do these, we’re doing the right pieces to keep us secure, to allow the business to do that organizational growth and feel confident…” (10:22)

7. Integration & Relationship-Building During Mergers

People and Relationships:
- Importance of respecting local cultures at acquired organizations, valuing their experience and input, and collaborating rather than imposing top-down mandates.
- Success in integration depends on building trust and partnering across all departments—not just IT.

“Healthcare’s very, very keen on people and relationships…I want to be looked as a partner that can come in and help. Because when you’re a barrier, people look to go around you versus when you’re a partner, people will come to you and ask you how they can proceed to the next step…” (11:30, 12:53)

Notable Quotes & Memorable Moments

On organizational culture:
“It's not just about tools. It's about people and...a culture.” (01:53; Greg Sieg)
On identity focus:
“If you don't have your identity right, a lot of your tools are...it's hard just to say that they're working right.” (03:54; Greg Sieg)
On continuous improvement:
“Cyber is really a very continuous life cycle. At the end of the day, we don't get to go and put a tool in and then walk away and say, okay, the job's done...” (07:27; Greg Sieg)
On being a partner, not a barrier:
“The last thing I want is to be looked at as a barrier...I want to be looked as a partner...” (12:53; Greg Sieg)

Timestamps for Important Segments

Background and role: 00:32 – 01:15
Recent integration initiatives: 01:23 – 02:43
2026 priorities, especially identity governance: 03:16 – 04:46
Unique governance strategies & challenges with machine identities: 05:18 – 06:43
The toughest challenge (people/processes/social engineering): 06:51 – 09:01
Opportunities and risks from organizational growth: 09:34 – 11:04
Integration challenges and the importance of relationships: 11:30 – 13:26

wavePod

Greg Sieg on Building a Resilient Cybersecurity Program Across a Growing Health System

Powered by Wave AI

Summary

Podcast Summary

Episode Overview

Key Discussion Points & Insights

1. Greg Sieg's Professional Background and Current Role

2. Recent Initiatives and Ongoing Integration Projects

3. 2026 Priorities and Cybersecurity Headwinds

4. Structuring Governance Processes Uniquely

5. Persistent Challenges: The People Side

6. Growth Opportunities and Risks

7. Integration & Relationship-Building During Mergers

Notable Quotes & Memorable Moments

Timestamps for Important Segments

Conclusion

Summary

Podcast Summary

Episode Overview

Key Discussion Points & Insights

1. Greg Sieg's Professional Background and Current Role

2. Recent Initiatives and Ongoing Integration Projects

3. 2026 Priorities and Cybersecurity Headwinds

4. Structuring Governance Processes Uniquely

5. Persistent Challenges: The People Side

6. Growth Opportunities and Risks

7. Integration & Relationship-Building During Mergers

Notable Quotes & Memorable Moments

Timestamps for Important Segments

Conclusion