Q&A: Cybersecurity in Healthcare, Dr. Mansur Hasib
Award Winning Cybersecurity Leader, Author, and Media Commentator
In 2017 at a ceremony in Austin, TX, (ISC)² named Dr. Mansur Hasib a “Rock Star” of cybersecurity and presented him with an electric guitar along with the (ISC)² Americas Information Security Leadership Award (ISLA) for leading the implementation of the Master of Science in Cybersecurity Technology degree program at a major university. In 2018 the Global Cyber Startup Observatory, based in Europe, inducted Dr. Hasib into the Hall of Fame. In 2018 and 2019 SC Magazine awarded Dr. Hasib’s program the Best Cybersecurity Higher Education Program award.
Dr. Hasib also won the 2017 Cybersecurity People’s Choice Award and the 2017 Information Governance Expert of the Year Award. He has 30 years of experience leading organizational transformations through digital leadership and cybersecurity strategy in healthcare, biotechnology, education, and energy. He served as Chief Information Officer for 12 years. His seminal book Cybersecurity Leadership (available in ebook, paperback, and audio) has been widely acclaimed by practitioners and scholars alike and is listed among the best IT and cybersecurity books of all time. In 2013, as part of his doctoral work, Dr. Hasib conducted a national study of US healthcare cybersecurity, published the book Impact of Security Culture on Security Compliance in Healthcare in the USA, and became one of the first few in the world to earn a Doctor of Science in cybersecurity.
Additionally, with a Bachelor’s degree in Economics and Politics and a Master’s degree in Political Science, Dr. Hasib brings a unique interdisciplinary perspective to anything he discusses. Dr. Hasib enjoys table tennis, comedy, and travel and has been to all 50 states of the USA.
Follow him on Twitter @mhasib or LinkedIn: www.linkedin.com/in/mansurhasib
To access more content or to contact Dr. Hasib, visit:
How is cybersecurity in healthcare different from cybersecurity in other sectors?
In simple terms, cybersecurity is the mission-focused digital strategy of an organization. Since the mission of healthcare is unique, the cybersecurity strategy will also be unique. The information handled in healthcare is unique. In addition, there may be laws that place restrictions on the collection, storage, processing, and sharing of this information. These laws are often country- or region-specific. There may be various legal implications, privacy rules, as well as disclosure requirements when problems are discovered.
How does the concept of privacy impact healthcare?
Understanding privacy is fundamental. In the US, privacy has largely been seen as a legal compliance issue and many healthcare organizations have delegated this to lawyers and the legal department. They have often maintained separate privacy officers and security officers with differing missions and often in contention with each other.
However, privacy is simply legislated confidentiality – a key aspect of cybersecurity. Sometimes organizations have focused on data contained within systems. However, information in someone’s mind is just as important. A doctor or nurse can violate privacy, simply by talking about it—so information doesn’t have to be within a system.
Privacy is an aspect of confidentiality and should never be separated from the overarching cybersecurity discipline.
What are your thoughts about medical devices and the Internet of Things (IoT) in healthcare?
This particular issue does not have an easy answer. We have a long way to go and I am afraid that we are getting ahead of ourselves and connecting too many medical and IoT devices with simplistic controls. Too many of these devices still use password-based access and do not alarm when tampered with.
What are your thoughts about the use of Blockchain in healthcare?
Blockchain has the promise of finally allowing patients to better control their medical record and only share what is needed.
The current system of centralizing all patient data in consolidated databases in the hands of service providers with dubious protection practices has been harmful to patients. Millions of patient records are in the hands of criminals. At times, these service providers have locked away the information in proprietary systems instead of making it easily accessible by all healthcare service providers. Sometimes they have blocked access from the patients themselves.
Blockchain also has its own perils. It is not clear if proprietary blockchain islands will develop over time. Researchers have also been able to breach Blockchain systems.
Do you think electronic health records have allowed fraud and crime to become easier?
I have heard this argument from many people who are against the use of electronic health records. However, digital crime also leaves a digital trail. Through digital forensics, we can solve crime and catch the perpetrators with a higher degree of certainty. Very hard to argue with digital facts.