This article originally appeared on Forbes.com in its Technology Council series.

By Chris Bowen, CISO & Founder at ClearDATA. Chris leads ClearDATA’s privacy, security, and compliance strategies.

 

As I sat in my office with the local news playing in the background, I tried to stay busy amid the chaos of yet another healthcare cybersecurity breach. The persistent pinging of notifications echoed from both my computer and phone—each alert a reminder of the escalating situation. I watched news outlets ponder the financial fallout of the breach, all the while accepting the harsh reality that the true impact on patient lives would likely remain immeasurable.

Bracing myself for the inevitable flood of updates detailing the negative repercussions, I wondered: Could this incident finally prompt essential changes in healthcare cybersecurity?

My journey into the world of data privacy began in an unexpected place—the Arizona House of Representatives. As the internet was emerging, the Speaker of the House established a bipartisan committee and appointed me to represent him. Together, we advocated for privacy rights in legislation and ultimately succeeded in our fight.

My passion for healthcare began when I was given the opportunity to reshape Arizona’s donor legislation. The goal was clear but ambitious—to make it easier for individuals to become organ donors.

Crafting the legislation was more than just a professional challenge; it was a deeply personal mission. I witnessed firsthand the poignant juxtaposition of life and death—the tragic end of one life while giving new hope to another. This experience had a lasting impact on me and underscored the profound importance of healthcare. It wasn’t merely about policy or politics; it was about saving lives.

A Deepening Commitment To Healthcare Data Privacy

Not many individuals readily link healthcare, politics and cybersecurity. However, they are intricately connected, especially in the digital age in which we are now living, an era of rapid and impressive technological advancement.

Following this transformative experience, I joined the Arizona House Majority leadership as a key aide to the Speaker, where I continued my work in healthcare reform. I also delved into internet privacy. These areas were becoming increasingly intertwined, and I realized the importance of having knowledge across all of these sectors. During this time, I pursued graduate studies, focusing on technology and privacy—two passion points that would continue to shape my future career.

Now propelled into the realm of healthcare cybersecurity, I discovered there was no company solely dedicated to creating environments specifically to protect patient data. Inspired by the pressing need for enhanced data protection in healthcare, I decided to dedicate my life to ensuring patient data would remain private and secure.

The Importance Of Prioritizing Patient Privacy

I share my story because the healthcare industry is at a critical juncture. As digital advancements continue to revolutionize healthcare, the need for robust data security measures has never been greater. Patient security and privacy are not just a regulatory requirement; they are a fundamental right. Every piece of data represents a human life, and protecting this data is paramount.

However, the responsibility of securing patient information extends beyond healthcare providers. Every stakeholder in the healthcare ecosystem must prioritize data privacy. This includes policymakers, technology vendors and even patients themselves.

The February 2024 ransomware attack on Change Healthcare serves as a stark reminder of the constant cyber threats targeting the healthcare sector. It underscores the necessity for a comprehensive, layered cybersecurity strategy that includes both fundamental practices and advanced defensive technologies.

It’s time to go on the offensive. We can no longer wait for breaches from bad actors funded by nation-states waging war on our private information.

As we continue to move into the digital age, we will undoubtedly experience new challenges and opportunities in protecting patient data. Emerging technologies such as artificial intelligence (AI), the Internet of Things (IoT) and others we haven’t yet imagined have immense potential to improve healthcare outcomes, but they also bring with them increased vulnerabilities.

The healthcare industry must continue to evolve and adapt to these changes, integrating security measures into all aspects of operations. This includes implementing robust training programs for staff, conducting regular risk assessments and staying up to date on compliance regulations.

Actionable Advice For Protecting Data

For both individuals and organizations, enhancing data security requires taking actionable steps.

Start by conducting regular risk assessments to identify and address vulnerabilities proactively. Implement strong encryption practices to ensure data is protected both in transit and at rest. Adopt multifactor authentication (MFA) for an extra layer of defense against unauthorized access. Educate and train employees regularly on cybersecurity best practices to reduce human error, a significant threat. Stay updated with regulatory changes, such as those from HIPAA and HITRUST, and adjust practices accordingly. Finally, invest in advanced cybersecurity technologies like firewalls, intrusion detection systems and AI-driven security solutions to bolster protection against cyber threats.

The political arena, healthcare industry and cybersecurity are deeply intertwined. The convergence of healthcare and technology brings remarkable opportunities, but it also poses significant challenges. By prioritizing patient privacy and data security, we can ensure the digital transformation of healthcare benefits everyone.

I’m sitting at my desk. I think of the potential benefit to patient safety if we prioritized privacy and security in every aspect of our digital lives, and I am grateful to work in healthcare. We have a long way to go, but I am hopeful.
