Healthcare Cybersecurity: Why Resilience Is No Longer EnoughClearwater's Jon Moore on Embracing the 'Antifragility' Approach
Over the past decade, many healthcare cybersecurity programs have evolved from "recovery" to "resilience." But Jon Moore of Clearwater says resilience is no longer sufficient against relentless attackers. He now promotes a philosophy that embraces "antifragility," including more and varied testing.
Moore, chief risk officer and senior vice president of consulting services at Clearwater, says resilience isn’t enough because it's not just a matter of an organization "snapping back" after a security incident.
"We can't just go back to where we were and hope for the best," he says. "We're just going to end up back in the same position we were in before. We need to improve and grow and strengthen our organizations and overall security programs."
In an interview with Information Security Media Group, Moore discusses:
- What "beyond resilience" means;
- The concept of antifragility;
- How to embrace a risk-averse strategy.
Moore has a background in privacy and security law, technology and healthcare. As chief risk officer and senior vice president of consulting services at Clearwater, he works with healthcare leaders to safeguard their patients' health, health information, corporate capital and earnings through the creation and development of strong, proactive privacy and information security programs. Together with his colleagues at Clearwater, he provides the strategic advice, services, training and tools needed for a complete cybersecurity, risk management and HIPAA compliance solution.