Novant health’s Cybersecurity Success: A People-First Approach

Table of Contents

In the increasingly critical landscape of healthcare cybersecurity, Novant health, a nonprofit system serving the Carolinas, is demonstrating a remarkable success story. Rather then solely focusing on technological fortifications, the association has built a thriving cybersecurity department of over 100 experts by centering its strategy around its personnel.

Building a Robust Cybersecurity Team

Led by Sanjeev Sah, CISO and senior vice president of enterprise technology services, Novant Health’s cybersecurity team champions a culture rooted in vigilance, transparency, and collective responsibility. This approach recognizes that technology is only as strong as the people who implement and maintain it. The organization actively invests in numerous opportunities for professional development and advancement for every team member.

According to Srini Uppugonduri,vice president of information security,the team’s strength lies in its cross-disciplinary composition. Experts from clinical care, IT, engineering, regulatory compliance, and business operations collaborate effectively, enabling a deeper understanding of risk within the context of healthcare operations.

The Power of Diversity and Inclusion

Novant Health prioritizes diversity within its security teams,recognizing its essential role in strengthening defenses. nawaz Muhammad, senior director of safeguards and controls, explained that diverse perspectives enhance the ability to identify and respond to threats. This extends to backgrounds, cultures, education, and technical expertise, fostering creative problem-solving and minimizing blind spots.

Fatou Toure, senior director of identity, access, and trust, highlighted the value of including clinical experience within cybersecurity operations. This ensures that security measures do not impede patient care and fosters cooperation among staff. “when teams reflect the populations they serve, they’re more effective in building trust and user-friendly security solutions,” Toure stated.

Here’s a snapshot of the benefits observed from a diverse team:

Area Benefit
Threat Identification Broader range of perspectives leads to identifying more vulnerabilities.
Problem solving Diverse skill sets enable more creative and effective solutions.
Workflow Integration Clinical experience ensures security doesn’t disrupt patient care.
Trust & Adoption Teams reflecting the community build stronger user trust.

Recruitment and Retention Strategies

Novant Health’s success in attracting and retaining talent is multifaceted. Christy Kusick, senior director of governance, risk, and compliance, emphasized the importance of strategic partnerships in identifying and recruiting the right individuals. The organization also actively broadens its talent pipelines, engaging with universities, colleges, veteran transition programs, boot camps, and career-switching initiatives.

The organization’s commitment to employee well-being, mentorship, and development is a key differentiator. Senior leaders prioritize communication and foster a supportive habitat, contributing to a positive and inclusive culture. “Have a plan, execute it, focus on cyber hygiene and acknowledge that your team is your No. 1 defense in security,” suggests Sah.

Did You Know? Healthcare organizations experienced a 79% increase in cyberattacks between March 2023 and February 2024, according to the HIPAA Journal.

The Human Element in Cybersecurity

A crucial understanding within Novant Health is that cybersecurity is not solely a technical problem, but one deeply intertwined with patient safety and overall business strategy. leaders emphasize that every employee, irrespective of their role, plays a part in maintaining a secure environment. It’s about balancing security protocols with the efficient delivery of care,ensuring that security measures enable,rather than obstruct,patient well-being.

Uppugonduri notes the constant need to navigate trade-offs-securing systems while maintaining clinicians’ ability to provide efficient care, or restricting access while fostering collaboration. The team’s mission is to navigate these challenges to create a secure environment that supports superior patient care.

pro Tip: Regularly conduct security awareness training for all staff,not just IT personnel,to emphasize the importance of cybersecurity best practices.

The Evolving Landscape of Healthcare Cybersecurity

The healthcare industry remains a prime target for cyberattacks due to the sensitive nature of patient data and the critical reliance on technology. Ransomware attacks, data breaches, and supply chain vulnerabilities are constant threats.This underscores the need for proactive, people-centric cybersecurity strategies such as the one implemented at Novant Health. Investing in talent, fostering a collaborative culture, and prioritizing diversity are essential steps to creating a resilient defense against emerging cyber threats.

Frequently Asked Questions about Healthcare Cybersecurity

Q: What is the biggest cybersecurity challenge facing healthcare today?

A: The increasing sophistication of cyberattacks, combined with the sensitivity of patient data, makes healthcare a prime target.

Q: Why is a diverse cybersecurity team crucial?

A: Diverse teams bring a wider range of perspectives, enhancing threat identification and problem-solving capabilities.

Q: How can healthcare organizations improve cybersecurity talent recruitment?

A: Broaden talent pipelines, partner with diverse institutions, and offer competitive professional development opportunities.

Q: What’s the role of non-IT staff in cybersecurity?

A: Every employee plays a role in maintaining a secure environment through awareness and adherence to security protocols.

Q: How does novant Health prioritize cybersecurity?

A: Novant Health prioritizes a people-first approach, investing in its team’s growth, fostering collaboration, and promoting diversity.