Your Organization May Be an Attractive Cyberattack Target


In this podcast, we discuss how leaders can practice operational resilience as cybersecurity threats in healthcare become more prevalent.

Paul Mee and Jason Crabtree

1 min read

Healthcare organizations and those who lead them must think carefully about the efficacy of their security programs to assess how attractive they could be to hackers.

So says Jason Crabtree, Chief Executive Officer of QOMPLX, who joins the Oliver Wyman Health Podcast to talk about cybersecurity with Paul Mee, Partner and Head of Oliver Wyman’s Cyber Platform. 

Consumers want the confidence to know the healthcare they receive is high quality, but also that's it's timely and won't be manipulated or used against them, says Jason. Someone probably wouldn't tell their doctor their deepest secrets, for example, if they knew the information will be blasted across the Internet. In time, says Paul, consumer awareness of what's happening to their medical data, the cumulative effect of breaches, and so on will increase. Industry leaders must focus on how more compliance and more standards don't actually create more security, necessarily.

Listen to the Podcast

Episode Highlights

  • "You shouldn't get mad at a security team for having a breach. You should be mad if when you have the breach, they don't have DNS logs stored, information about their active directory environment, end-point tools installed, visibility on their external security posture, and they had RDP facing the internet. I mean, these kinds of things are unforgivable, right?"
  • "The value of healthcare records is far higher these days than financial services records. And they also have a more meaningful impact on me as an individual. I don't necessarily want information about my very personal health being out there. And it's a valuable commodity in the dark web space."
  • "People in cybersecurity often give terrible advice, right? They say things like, 'Well, patch everything well.' Okay. First of all, it's literally not how it works for an FDA-certified medical device. There are other constituents and certifications. We have to have a more rational conversation."