Security Staff Acquisition & Development

Johns Hopkins CISO: Complexity of health care requires ‘adversarial security’ model

High-profile ransomware attacks left health care in the spotlight in the last year as a vertical that struggles to manage its security posture amid dire circumstances. But Darren Lacey, chief information security officer and director of IT compliance for Johns Hopkins University and Johns Hopkins Medicine sees it a bit differently.

"The idea that health care is anything other than the aggregation of workflows and data is a little sensationalist," he told Jessica Davis, SC Media's editor of health coverage, in an interview. More productive, said Lacey, would be for providers to rely on better discovery and profiling tools through what he describes as an adversarial security program – where you model yourself after what the attacker is likely to do.

"It sounds easy," he said, "but it's ridiculously complicated."

This is part of SC Media's special October coverage, in honor of Cybersecurity Awareness Month, spotlighting “security by design”: How different organizations within various verticals recognize their own security practices not only as a necessity, but also as a differentiator. Click here to access all of our security awareness coverage, which will filter out throughout the month.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.