By Derrick Lowe, Chief Information Security Officer at Orlando Health, a Palo Alto Networks customer\n\nWhen I talk to healthcare industry leaders about cyber resiliency, I get a lot of affirmative head-nodding and positive feedback. And why not? Healthcare resiliency, in general, and in cybersecurity particularly, is a concept that is easy to get behind.\n\nBut that\u2019s the problem: For many healthcare leaders, it\u2019s often a concept rather than a strategic imperative. Notice that I use the word \u201cimperative\u201d rather than the more often-used \u201cinitiative.\u201d That\u2019s because it is truly imperative for the healthcare industry to address cyber resiliency, and to do so with urgency and unwavering commitment.\n\nOn the surface, cybersecurity in healthcare may not seem all that different from cybersecurity in other verticals such as financial services, retail, manufacturing, or education. Several of these are highly regulated, have exacting data governance mandates and deal with huge and growing volumes of data essential to their daily and long-term business operations.\n\nBut there\u2019s an important difference: A cybersecurity incident in healthcare can literally cost someone their life. The financial and operational implications of a data breach or ransomware lock-up in healthcare are just as onerous as in other verticals. But when life-sustaining digital systems are threatened by cyberattacks, you are in an entirely new realm of peril. By now, most of us are all too familiar with the horrific story of the Alabama hospital that suffered a ransomware attack that allegedly precipitated the tragic death of an infant. The need for cyber resiliency doesn\u2019t get any starker than that.\n\nThe cyber resiliency \u201cwhy\u201d is easy: The \u201chow\u201d is often not\n\nThe good news is that healthcare executives are quickly coming around to the understanding that cyber resiliency is a must-have and a top requirement demanding the attention not only of CISOs and their team, but also the entire healthcare institution\u2019s C-suite and board. After all, the primary business of healthcare organizations is ensuring patient safety and health, today and in the future. And we all understand that digital threats are real and omnipresent.\n\nThe bad news is that how to take the proper steps to ensure cyber resiliency is far less clear unquestionably challenging even in well-intentioned organizations. Unfortunately, some healthcare organizations still see cybersecurity steps and practices that are necessary to ensure resilience as somewhat of a disruption to their business processes. This is not unlike the much-discussed \u201cfriction\u201d challenge that businesses bring up when asked to adopt security steps that may be perceived as hindering business operations or the customer experience.\n\nFortunately, I don\u2019t have this problem at Orlando Health, where our forward-looking executives take a holistic view of our mission, understanding that cybersecurity is vital to putting patients\u2019 well-being at the center of everything we do. I have worked in other organizations where this focus wasn\u2019t always crystal clear for the following reasons:\n\nHealthcare also is somewhat unique in that as an industry we have been a bit late to the party when it comes to cybersecurity investments\u2014especially given the dramatic uptick in the digital transformation in healthcare delivery and business operations. Healthcare organizations rely not only on their digital applications, systems, and networks for financial and operational needs but increasingly the clinical operations are digital-centric. Mobility, cloud computing, sensor-based monitoring and the Internet of Things are just a smattering of digital technologies that influence how we care for patients and fulfill our core mission.\n\n6 steps to becoming more cyber resilient\n\nI recommend healthcare industry executives commit to a few important steps for to elevate cyber resiliency as an organizational imperative.\n\nIn the end, cybersecurity resiliency is imperative because it touches on all aspects of the healthcare organization\u2019s business. Without it, you can\u2019t generate revenue, you can\u2019t do research and you can\u2019t protect your reputation. But most importantly, you can\u2019t ensure patients the safety and quality of care\u2014 which is the heart of your mission.\n\nTo learn more, visit us here.