Governance & Risk Management , Government , Healthcare
HHS on Guard: Prioritizing Patient Data Security
CISO and Acting Deputy CIO La Monte Yarborough on Building a Culture of SecurityThe U.S. Department of Health and Human Services is actively enhancing its cybersecurity measures to protect sensitive health data. CISO and Acting Deputy CIO La Monte Yarborough outlined the measures HHS is taking to protect sensitive data and critical infrastructure amid rising threats.
See Also: The Healthcare CISO’s Guide to Medical IoT Security
HHS is implementing various strategies to fortify its internal environment and provide sector-wide capabilities, Yarborough said. One key program, he said, is the 405(d) Program - a collaborative effort between public and private sectors to strengthen the cybersecurity posture of healthcare organizations. Another major effort is the Healthcare Cybersecurity Coordination Center, which gathers and shares threat intelligence relevant to the healthcare sector to help it fortify defenses.
Healthcare providers' "core competency isn't necessarily cybersecurity," Yarborough said. "They also rely on external entities such as the government to help inform them of the types of measures they should be taking as it pertains to the risk landscape."
In this video interview with Information Security Media Group at the Fraud, Security and Risk Management Summit, Yarborough also discussed:
- The importance of robust security mechanisms involving technology and skilled personnel;
- The need for a cultural shift toward better cybersecurity practices;
- Using the 405(d) Program to identify major threats.
Prior to joining HHS, Yarborough worked in various cybersecurity leadership roles, including CISO of the Department of Homeland Security and the Federal Emergency Management Agency. Prior to DHS, he was a consultant and spent more than 20 years in the U.S. Army, specializing in IT and cybersecurity.