Richard La Bella
CISO

VITAS Healthcare

Why nominated: A 22-year industry veteran, Richard La Bella has used many methods to impart the need for cybersecurity on his fellow workers and clients. His first effort was in 1996 when he used L0phtCrack to compromise employee passwords so he could show his boss how important it was to create more complex passwords. This did not go over well at the time with his boss, but it was La Bella’s first exposure into the importance cybersecurity. This in turn led to a career that has seen La Bella earn several certifications and build a career in the field.

Profile: With patient health information considered prized data among cybercriminals, security is a priority. La Bella, who is a cybersecurity team of one at VITAS, must have a fully functional set of tools at his disposal to better safeguard sensitive data. In the past year, he has retired a host of under-performing point-solution security products and moved his organization to an endpoint protection platform that automates protections. As a result, he has been able to enlist IT operations personnel and network engineers within the IT organization to support a stronger security posture without adding complexity or additional headcount.

Since he needs all the help he can get, La Bella is a consistent and strong advocate for properly training the company’s staffers, even implementing monthly simulated phishing attacks against a piece of software he personally designed.

Other changes La Bella has instituted include replacing the old VITAS ITSM platform designed for the PC and workstation era with a SaaS platform that supports a mobile, cloud-first strategy and gives clinicians the flexibility to manage patient needs dynamically. Richard has also spearheaded the use of a three-factor authentication method for all data access (reading and writing) that is transaction based, agile, bandwidth-light and effective.

What colleagues say: “Richard is everything you could ask for in a customer – deep technical knowledge combined with business acumen and a vision that maps the role of security to company goals and objectives. His approach to our partnership is collaborative and innovative – he asks smart questions, listens, and actively works with our team on solutions to improve the product. Richard has championed making security a priority topic at the highest levels of his organization while pursuing broader education initiatives with Infragard and The Honeynet Project, as well as advancing best practices throughout the healthcare industry.” – Jennifer Malleo, Vice President of Corporate Communications, Endgame

Doug Olenick