Q&A with Yuma Regional Medical Center VP/CISO, Blaine Hebert: “Getting the Basics Right Goes a Long Way”

It’s the key question all CISOs have to ask themselves – especially those at small- to mid-sized organizations whose cyber teams run in the single digits as opposed to hundreds: how do I operate so as to get the biggest bang for my limited buck? For Blaine Hebert, VP and CISO at Yuma Regional Medical, it’s all about picking a cyber framework and sticking to it. In doing so, he says hospitals and health systems will, by default, focus on key foundational issues – the blocking and tackling whose neglect is often the root cause of so many breaches. But it doesn’t stop there, Hebert also recommends building relationships with key users before an incident to facilitate business continuity – ‘you don’t want to get introduced for the first time during a breach,’ he advises. In this interview with healthsystemCIO Founder & Editor-in-Chief Anthony Guerra, Hebert covers these issues and many more.

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 

Bold Statements

There’s a tendency in healthcare – and probably other industry verticals – to focus on the new shiny thing in cyber, and I think we miss the boat if we don’t just stick to the foundational issues.

In healthcare today, unfortunately, CISOs are really still not given a seat at the big table. They are still relegated to a direct report – it could be the CIO, CTO, whatever the case may be. I think there are not enough CISOs that are given board-level visibility.

To me, my part as a CISO is I’ve got to have that pre-coordination effort done. I need to know all those people by name, have coffee with them, get to know them, let them know I’m here to support them.

Anthony: Welcome to healthsystemCIO’s interview with Blaine Hebert, VP and CISO at Yuma Regional Medical Center. I’m Anthony Guerra, Founder and Editor in Chief. Blaine, thanks for joining me.

Blaine: Great to be here, Anthony. Thanks for having me.

Anthony: Good. Looking forward to having a fun chat. You want to start off, Blaine, by telling me about your organization and your role?

Blaine: I’m the VP and CISO at Yuma Regional Medical Center in Yuma, Arizona, been there approximately a year now. We’re a 400-bed, not for profit hospital. Pretty small cyber team. I’ve got four direct reports that fall underneath me. I’m the first CISO that Yuma Regional has had. Prior to that, they had some virtual CISOs that were supporting the organization.

Currently, we’re a one-hospital system there. Really, the only regional medical center between San Diego and Phoenix, so quite a large population here that we support.

Anthony: Very good. I want to start out with the open–ended question and just see what’s on your mind. What are some of the trends that you’re watching? Either things you’re working on or trends you’re watching, just what’s top of mind right now?

Blaine: Well, I don’t think there’s a CISO in our industry that doesn’t lose sleep over ransomware. That’s probably the number one ticket item. Then, AI is really in the forefront right now. We’re trying to get our arms around some governance structure for AI and doing some good things there. Really, first and foremost for me is just making sure that we’re doing the standards and the foundations right at Yuma Regional.

There’s a tendency in healthcare – and probably other industry verticals – to focus on the new shiny thing in cyber, and I think we miss the boat if we don’t just stick to the foundational issues. That’s so evident now that Change Healthcare thing came out and sh...