It’s impossible to balance cyber risk with medical necessity without spending time “in the foxhole” with the clinicians to learn how and why they use the technology, according to Jack Kufahl, chief information security officer (CISO) at Michigan Medicine, the medical center affiliated with the University of Michigan. In this interview with Anthony Guerra, healthsystemCIO founder and editor-in-chief, Kufahl talks about the complexities of managing risk within an academic research institution and the big question of how to be open enough for research yet secure enough to prevent breaches. When doctors ask to install a new app, if you merely evaluate it in a yes/no way, that won’t be enough to determine what to do, Kufahl says. “You have to peel it back a little bit, make sure you understand it in context.” Sometimes risk is tolerable, but ultimately, “all risk tolerance is temporary,” he says.
Source: Q&A with Michigan Medicine CISO Jack Kufahl: You Can’t Assign Risk Without Context on healthsystemcio.com