Time To Get Creative: How Henry Ford’s Leaders Are Growing Cybersecurity Talent

When leadership at Henry Ford Health System began to float the idea of combining IT and privacy/security under one umbrella, they knew it might be met with skepticism, so they took to the road. Meredith Harper, now Chief Information Privacy & Security Officer, traveled to every hospital and business unit to speak with stakeholders about why it was necessary, making sure to tailor the message to each group. The plan worked, and HFHS implemented a program that leverages the strengths of five individual verticals to create a more collaborative environment. In this interview, Harper and CIO Mary Alice Annechario talk about the key challenges in securing patient data in a complex setting, their approach to education, how they work to bring consumers into the fold, and their thoughts on how the industry can address the growing workforce gap.

Chapter 1

Chapter 2

Chapter 3



* Threat-sharing with police, FBI — “If we have better information, we can prepare ourselves better.”

* PHI Protection Network Conference

* Addressing the cybersecurity workforce shortage — “We have to get more creative.”

* Value of a diverse leadership team

* CIO & CISO in lockstep

* “You have to have a united front.”



LISTEN NOW USING THE PLAYER BELOW OR CLICK HERE TO SUBSCRIBE TO OUR iTUNES PODCAST FEED

Bold Statements

When the incident is happening, do we really go back to those plans and really follow them appropriately? And do we test them out? Because just having the plan on paper without testing the plan to be able to refine it doesn’t really help you.

It communicates and demonstrates to our customer base, our clients, our patients, and our guests that Henry Ford is taking this seriously. This is serious for us. We not only want to be a part of the industry, we want to be innovators in the industry. We want to be the forerunners.

If we can find someone who is ambitious, who has a genuine interest in supporting our patients, we will give them a chance. We will train them in the things we need them to know in order for them to be security, privacy, identity, or risk specialists. That’s the approach we have taken to close that gap.

There’s more work that the industry can do in that space. We have to entertain women more. We have to entertain minorities more. We have to show that this is just not a male-dominated field. And the way we do that is by introducing girls to this much earlier than we typically have.

Gamble:  From your perspective, Meredith, what would you say is one of the biggest challenges on your plate, I mean is it just the fact that there are so many different types of threats out there or what would you say is really the toughest thing that you deal with?

Harper:  I think the threats are really not what keeps us up at night, because we’re always going to have an ever-changing threat environment; we’re forever going to have new vectors that are going to be exploited. Those are not the things that really concern me. I think what we really struggle with at times is, with an organization our size, we can create policy and process, and we can have programs in place. But sometimes operationalizing some of those things can be challenging, because we’re a very complex organization. It would be different if we were one standalone-hospital with no real connections to anyone else, but that’s not the case with Henry Ford.

And so we’re really trying to get our process refined enough and ...