Ransomware: The Need for a Business Impact AnalysisCathie Brown of Clearwater on How to Improve Decision-Making in a Crisis
You see the news: how many healthcare entities are struck by ransomware. But how many of them conducted business impact analyses before they were victims? Too few, says Cathie Brown of Clearwater. She discusses the value of doing a BIA before the crisis strikes.
"It is a troubling time for healthcare, particularly with ransomware," says, Brown, VP of consulting services. "I heard a report yesterday that there is an estimated ransomware attack every eight minutes. Healthcare is the top target [and] has been for a while now."
Brown says the BIA not only will help dictate ransomware response, but it will assist in any type of crisis decision-making.
In an interview with ISMG, Brown discusses:
- Troubling ransomware trends;
- The value of conducting a BIA specifically for ransomware;
- How to operationalize the learnings from a BIA.
Brown brings more than 30 years of experience in healthcare, health information technology, health information security and consulting to her work as Vice President of Consulting Services for Clearwater. In that role, she helps lead Clearwater’s team of healthcare cybersecurity and compliance experts that assist healthcare organizations with developing and implementing effective HIPAA compliance and cyber risk management programs.
Over the course of her career, Brown has helped healthcare organizations mature across the HIMSS Analytics Maturity Models as a HIMSS Analytics Certified Consultant. Her experience also includes serving as Deputy Chief Information Security Officer for the Commonwealth of Virginia from 2006-2009 and 19 years with Centra Health, where she served as the health system’s first Information Security Officer.
Brown is the incoming President for the Virginia HIMSS chapter, and she maintains certifications in security (CISSP, CISM), IT Governance (CGEIT), and Project Management (PMP).