These days, some health system CISOs wonder where the buck stops when a cybersecurity event goes down. Who’s responsible for helping the clinical side go through the motions when the CISO says it’s time to go to paper? It should be the CEO, COO, CFO and/or other top executives, and the entire process needs to be planned and practiced until your organization is bored, says Erik Decker, vice president and CISO at Intermountain Healthcare. In this interview with healthsystemCIO Founder and Editor-in-Chief Anthony Guerra, Decker says the enterprise-wide response to a cyberattack comes down to muscle memory. “Because then when it’s muscle memory, if and when the event happens, you’re going to be able to get over all the original decision-making burden and be able to manage the context of the specific incidents that you have in front of you.”
Bold Statements
… ideally, if you have a new contract coming in that’s for technology or data services, that should go through a supply chain; a supply chain should have a fork that comes directly to you. And that way, you don’t have to go out there chasing everybody all the time.
The majority of threat actors out there are criminal organizations that are looking to make money. And they’re doing that through extortion, extortion via ransomware, etc. They’re going to go for the lowest-drag pathway possible in order to do that. And that’s why the basics are the thing that you have to make sure you’re up to snuff on.
… SBOM is good. It’s the first step in understanding and unpacking what’s going on underneath it. But if you have to do that manually for hundreds of thousands of devices, you can’t. It’s just not enough. You don’t have enough people to do that.
Guerra: Erik, thanks for joining me.
Decker: Happy to be here.
Guerra: All right, great. Erik, do you want to just briefly give us a quick overview of your organization and your role?
Decker: Yes, you bet. So, I’m Erik Decker, I’m the VP and chief information security officer for Intermountain Healthcare. Intermountain Healthcare is an integrated delivery network located in the Mountain West region. So based in Salt Lake City, Utah, but we have Nevada, Utah, Idaho, Colorado, Kansas, and Montana in our portfolio. And being an integrated delivery network, we’re both a health plan and a healthcare delivery organization.
Guerra: Very good, Erik. All right, I want to just see what’s on your mind. So what are some of the top trends that you think CISOs should be working on or preparing their organizations to handle?
Decker: Yes, so the top issues that are happening today, of course, still start with ransomware. And there have been several big ones that have hit in the last 30, 60 days or so. And, you know, if you look at how these intruders are getting into these systems, it’s still the basics. Some of the trends that we need to be focusing on are our hygiene, our minimum standards, minimum controls that should be in place that work against the most prevalent attack vectors. And so it’s still multifactor authentication on your VPN, or the lack thereof on VPN, or email, remote desktop open to the outside world, critical vulnerabilities open on your perimeter. You know, these are things that are not overly complex, but the environments that we manage are really complex.