Throughout the podcast, McGee's listeners and vast readership gain Chaput's insight about the steps he suggests healthcare sector entities take to improve their approach to information risk management.
Chaput begins by sharing that cyber threats are constantly evolving, and he warns that a focus solely on the current threats leaves organizations vulnerable to evolving and changing threat sources, threat events, vulnerabilities and controls.
McGee poses questions about the common missteps healthcare organizations make in approaching security risk management, corrective actions that can be taken toward having a more "programmatic" approach to security risk management, and why organizations must look beyond simply complying with HIPAA regulations.
Chaput and McGee also discuss why adopting the NIST Cybersecurity Framework (NIST CSF) is of paramount importance.
Throughout the podcast's range of topics and McGee's questions, Chaput's guiding message to HealthcareInfoSecurity.com's podcast listeners and readership is clear: "... as you stand up a risk management program, it must transcend today's information assets ... threat sources ... threat events ... vulnerabilities ... controls. All of those key ingredients in an information risk management program, and specifically in doing risk analysis, are constantly changing." Therefore, organizations need to strike a balance in dealing with today's issues and building a program with a long view.
Listen to HealthcareInfoSecurity.com's podcast, "Why Focusing Too Much on Today's Cyber Threats Is a Bad Idea" featuring subject matter expert and Clearwater CEO, Bob Chaput, CISSP, HCISPP, CRISC, CIPP/US.