eHealth News: Regional CISOs to strengthen cybersecurity
eHealthNews.nz editor Rebecca McBeth
CISONew Zealand’s DHB regions are appointing Chief Information Security Officers (CISO) to lead and improve on cybersecurity and work together under a new national cybersecurity governance structure.
The Central DHB region has appointed a CISO and the South Island is currently recruiting. The Northern Region has had a CISO position for nearly five years and a CISO has been appointed at Waikato DHB.
A Ministry of Health spokesperson says the new CISOs will work together under a newly formed cybersecurity governance structure that the Ministry is part of.
The new roles were created as recognition that dedicated security leadership is vital to drive up overall cyber security maturity and advocate for cyber related risks at senior management levels.
"Experienced and dedicated cyber security professionals make the difference between a significant cyber breach and a minor one," the spokesperson says.
Executive director digital enablement at Hawke’s Bay DHB and deputy chair of the National Digital Leadership Forum, Anne Speden, says the appointment of CISOs is the result of a collaboration between data and digital health leaders in the DHB regions and the Ministry of Health.
The creation of these roles will ensure best practice in cybersecurity as experience can be shared across the country, as well as enable the health reforms, she says.
The six Central Region DHBs have created a CISO role who has overall accountability for information security across the region’s DHBs, and TAS as a subsidiary company of the six DHBs.
“In an evolving risk landscape, the protection of health information and digital services is a critical part of safeguarding the effective operation of New Zealand healthcare against external threats,” Speden says.
Cybersecurity in health came to national attention after Waikato DHB was hit by a ransomware attack on May 18 causing a full outage of its information services across the region. Patient and staff details were stolen then later posted online by the cyber criminals.
Waikato has since recruited Gabriel Akindeju as its CISO, who has responsibilities for ensuring the security and technology-related business risks within the DHB are appropriately governed and managed.
“The role also engages across the regional DHB service providers as part of a wider forum to provide input to improving their security postures,” a statement from the DHB says.
Waikato is part of the Te Manawa Taki DHB region which has yet to appoint a regional CISO, but is jointly exploring a future regional security team, says Debbie Manktelow, chief digital officer at HealthShare.
She says there are also a number of security positions that operate within each DHB.
A CISO role for the South Island was advertised on November 8 and the recruitment process is underway. The role will report to James Allison, chief digital officer at Canterbury DHB, but is accountable to a regional governance group for the whole of the South Island.
Allison says the CISO will lead the South Island DHBs’ information security strategy, ensure information security risks are effectively managed and monitored, and develop and enhance the region’s information security management framework.
“South Island DHBs are collaboratively committed to addressing cyber security which aligns with the transition to Health NZ,” he says.
Richard Harrison has been CISO at the Northern region’s shared services agency healthAlliance for nearly five years and says the investment in other roles around the country is a “really good opportunity for the sector to uplift it’s capability and maturity over time”.
He worked with the other regions on the development and appointment of CISO roles and is looking forward to collaborating nationally
He has a team of around 20 security experts who focus on building policies, processes, standards, assurance and capabilities to provide an operational service to the region’s DHBs.
The Northern Region has developed a cybersecurity strategy and Harrison’s team works with the DHBs to get buy-in to that and support them to develop their own capabilities where appropriate.