December 06, 2022 05:00 AM

Christopher Plummer, Dartmouth Health: ‘Everyone working in hospitals: Cybersecurity is your job, too’

Lauren Berryman

    Christopher Plummer, senior cybersecurity architect at Dartmouth Health, discusses the importance of employee retention and offers his predictions about future threats.

    What does your role as senior cybersecurity architect entail?

    It’s a very broad role. I’m trying to keep pace with cybersecurity threats all across the globe, not just in healthcare. Really, anything that’s happening on the planet could potentially happen to us.

    My role is not only to digest that every day, but also to understand how we mitigate those things in the context of an academic medical center or a large health system. That includes keeping pace with a breadth of cybersecurity tools and solutions that are out there to help. It’s also about understanding the people and processes involved in augmenting those.

    It’s tough to take a day off in cybersecurity, because that could be a big day. You’re kind of permanently plugged in, but you do it because it’s fascinating work.

    Is it common for health systems to have a dedicated cybersecurity program? Is Dartmouth Health doing something different that other systems could benefit from?

    I would venture to say that all hospitals have a program at this point. The real question is whether they have dedicated cybersecurity resources.

    I’ve heard the number fluctuate [when it comes to how many U.S. hospitals lack a dedicated cybersecurity employee]—maybe it’s 75% or maybe it’s in the high 90s. But I’ve had conversations with many hospitals, and I’m fairly comfortable [saying] it’s certainly in that upper three-quarter range. That’s a frightening prospect, considering how deep a cybersecurity program in a hospital really needs to be. That’s getting done by committee in organizations that lack full-time resources, and it just further strains folks who are there to do other work.

    We’re very fortunate to have dedicated cybersecurity resources at Dartmouth Health.

    Filling cybersecurity positions has been a challenge across industries, including healthcare. How has Dartmouth Health dealt with the national cybersecurity workforce shortage, and what strategies have you found to be effective?

    The work of cybersecurity [requires] institutional knowledge that takes years to cultivate, and it’s hard to outsource that. It’s tough to pull in somebody fresh from the outside who’s really only here on short-term engagement. It goes back to retaining our skilled employees.

    I don’t think there’s a hospital in America that has not taken a look at salary. Trying to be as competitive as possible on salary is important. It’s also about what we can extend in terms of flexible work options. I think initially there was some trepidation because you’re talking about patient data flowing out of a hospital and maybe into somebody’s house where they’re working remotely. That was really hard to come to terms with, but I think we’ve done it for the last few years. I think all hospitals have done it, and it’s something that we could extend.

    Another strategy is thinking about career advancement. [It’s important for systems to consider] how we can train you, how we can educate you, and how we can make you a highly skilled person who will be a fantastic cybersecurity resource. Then, importantly, how we can recognize that work you do.

    The work of cybersecurity in a hospital is often in the shadows, but we must recognize the work of anyone willing to wake up every day and come to work in a hospital.

    What are the incentives for health systems to adequately prioritize cybersecurity?

    I think the biggest lever we’ve seen in the last few years is cybersecurity insurance. That has been a mainstay of any hospital’s cybersecurity program. Cybersecurity insurance has evolved over the last few years in terms of its expectations of what a hospital security program looks like. So that’s been an important driver for change in every hospital and has directly influenced hospitals’ awareness of cybersecurity programs and staffing.

    Given the number of healthcare data breaches, what advice would you give health system leaders about preparing for and responding to cyberattacks?

    Employee retention is number one. Your people are everything. You can’t defend your house if no one’s home. It’s just that simple.

    We also have some cybersecurity pillars that are not often talked about. Things like asset management, vulnerability management, identity and access management, supply chain management, and third-party risk management are cornerstones of a security program, and they’re very hard to solve. Unlike email protection or endpoint protection, which are places where hospitals bleed out profusely if not addressed, these other pillars are not necessarily solved by products. They require people to run those solutions.

    Providing that you have a good handle on some of these critical areas like email and endpoint security, it’s about creating that great foundation—starting with asset management—and building your program from there. Otherwise, if the foundation is not good, then the program will not operate at the skill level that it needs.

    I think information shares are critically important, especially in organizations where you’re the sole cybersecurity full-time employee. You need to know someone else is out there going through what you’re going through.

    Generating regional information shares has been so powerful for us. In New England, we have a regional information exchange among hospitals at the cybersecurity level. Hospitals can remain competitive. But for us to manage risk in hospitals, we can’t have any secrets around what’s working and what’s not working.

    Do you expect the threat level to increase, decrease or remain about the same in the short term?

    I think it isn’t going anywhere. The nature of hospitals is that we consolidate out of necessity for a number of reasons. When hospitals consolidate, they become more complex. And when hospitals become more complex, their attack surface increases, because there’s so many more things to look at and consider. Unfortunately, I don’t think it’s going anywhere, but as long as we have good folks ready to do the work, I think we’re well prepared for it.

    What’s your message to everyone else working in healthcare? What can those outside of information and technology departments do to help promote cybersecurity?

    Cybersecurity is a formal department in most hospitals, but it really is an embedded function of everyone’s job. Cybersecurity cannot happen unless everyone is doing it. We can certainly be the ones who process the signals of cybersecurity and understand when things are going sideways, but we can’t be secure if everyone does not adopt that mentality that they are a cybersecurity person, too. That is so powerful, and we see that in our organization. It’s a really important message that I think needs to pervade. Everyone working in hospitals: Cybersecurity is your job, too.

    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.