Critical Security Lessons From the Financial Sector
Security Expert Greg Garcia on What Healthcare Sector Can Learn
To improve cybersecurity, the healthcare sector should consider adopting some of the best practices implemented in the financial sector, especially those related to supply chain security and information sharing on cyberattacks, says security expert Greg Garcia.
Garcia, who was recently named the first executive director for cybersecurity at the Healthcare and Public Health Sector Coordinating Council, formerly served as executive director at the council for the financial services sector.
"In the financial sector ... regulators were increasingly turning to the banks to better manage the security of their supply chain," he says in an interview with Information Security Media Group. "The financial service sector not only needs to be concerned with their first-level services providers and vendors, but also the people and companies that serve their vendors," he says of a challenge the healthcare sector also faces.
To help address this problem, the financial services sector developed "common uniform contract language for what it means to be secure so that vendors don't have to tailor their security procedures to each and every big bank that asks for special security controls," he says. "The more we can make standardized and make uniform requirements on our vendors, the better they are able to scale up their security practices."
The other key lesson the healthcare sector can learn from the financial services industry is how to deal with a cyber crisis, he says.
The financial sector "has learned how to more efficiently share information while in the midst of a big cyberattack," he says. "We did that both by real-world experience, and doing lots of exercises. The more exercises you can do, the more muscle memory you can develop."
In the interview, Garcia also discusses:
- His assessment so far of the state of cybersecurity in the healthcare sector since joining the Healthcare and Public Health Sector Coordinating Council in October;
- The most pressing cybersecurity issues facing the healthcare sector;
- Top priorities on the council's agenda to help improve the state of cybersecurity in the healthcare sector.
Garcia is executive director of cybersecurity at the Healthcare and Public Health Sector Coordinating Council, which brings together the many subsectors of the healthcare industry in collaboration with the government, principally the departments of Health and Human Services and Homeland Security, to develop and implement ways to strengthen the sector's security and resiliency against cyber and physical threats. Previously, Garcia was the nation's first assistant secretary for cybersecurity and communications at DHS from 2006 to 2009. After DHS, Garcia went on to create and lead Bank of America's external partnership strategy for cybersecurity and identity management. He then headed the Financial Services Sector Coordinating Council.