You might think a former drill sergeant turned CISO would lead with a ‘my way or the highway’ approach, but for Terry Grogan, VP of IT Assurance & CISO at Tower Health, that couldn’t be further from the truth. That’s because, according to Grogan, such leadership will only see you followed when seas are calm, but when the storm strikes, teams look to rally around those who they know have their best interests at heart. And Grogan shows that sentiment by embracing a “see something, say something” mentality where users are encouraged to “tell on themselves” if they accidentally give up their credentials to some kind of compelling scam. In this interview with healthsystemCIO Founder & Editor-in-Chief Anthony Guerra, Grogan covers these issues, where most attacks are coming in, and why she sometimes embraces a ‘lock it down and ask questions later’ dynamic.
Bold Statements
We’re looking for lateral movement, looking for command and control, impersonation of users, escalation of privileges. And you need multiple log sources to stitch that picture together. It can’t be just what’s happening on the endpoint anymore.
I believe our users have gotten much more willing to tell on themselves, because we make it far less painful for them to get back into the system and back to work.
… what I do is automate on the side of caution. So I’ll lock a machine or a user out with an automation based on hitting certain roles. Whether I’m wrong or not, it doesn’t matter. I’d rather say, ‘I’m sorry, I didn’t mean to lock you out,’ than to not have taken that quick action if it really was something important.
Anthony: Welcome to healthsystemCIO’s interview with Terry Grogan, VP of IT Assurance and CISO at Tower Health. I’m Anthony Guerra, founder and editor-in-chief. Terry, thanks for joining me.
Terry: Hey, thanks so much, Anthony, for having me. I really appreciate the opportunity.
Anthony: All right, very good. Thank you. Terry, can you tell me a little bit about your organization and your role?
Terry: Tower Health is a 3-hospital health system. We also have, in addition to Reading Hospital, there’s Phoenixville and Pottstown Hospital, and we also have a joint effort with St. Christopher’s Hospital for Children in Philadelphia. We have about 18,000 users. We have Community Connect sites. We have medical groups, specialty practices. So it’s a typical mid-sized health care system. I am the chief information security officer here for all of Tower.
Anthony: Excellent. Thank you for that. Let’s start open-ended here, Terry. What’s on your mind? What are some of the trends you’re looking at, things you’re watching, just top-of-mind stuff, and we’ll go from there.
Terry: As I’m sure you’re aware if you’ve talked to any other healthcare CISOs, we are a very targeted group of entities. I constantly watch the news and see my peers deal with attacks. I look at our logs and see us being attacked on a daily basis. I have a lot of the same attacks that others look at; phishing, obviously, is a big one. But interestingly, we’re getting a lot more attacks outside of normal phishing emails, which seem to be not as effective anymore for threat actors. Impersonations have been a big problem for me recently. And we have upped our identity questions when we try to positively identify folks for password reset or especially for changes to their multi-factor authentication.
We’ve caught several threat actors impersonating ...