Baptist Health CISO James Case shared insights on transforming cybersecurity through a risk-focused lens at a recent webinar we hosted.
The discussion was moderated by Axio President, David White and Axio Director of Cyber Risk Engineering, Benjamin Lorentzen.
A Healthcare CISO’s Perspective in Focus
With over 20 years of experience in both technical and leadership roles, James Case has seen the evolution of threats and approaches to risk reduction within the industry.
Case began his career in engineering, gaining hands-on technical experience that served as a foundation for future projects. He credits early mentors with helping develop his skills as a leader over time. When Baptist Health needed to build out its security program over a decade ago, Case took on the role of architecting the current initiative.
Constant change within both technology and the threat landscape means those in cybersecurity must commit to continuous learning. As Case explained, if one ever thinks they are done learning, that likely indicates a problem. This mindset helped shape Case’s strategic approach today, where communication and collaboration are prioritized.
Webinar Highlights
- We talked about James’ journey of transforming the hospital’s cybersecurity program through a lens of risk management.
- Case emphasized the importance of continuous learning and partnering with business leaders to prioritize threats like ransomware, data breaches, and supply chain disruptions.
- Case explained how he communicates cybersecurity risks and progress to the board using a storytelling approach. By quantifying potential financial impacts, the board could understand risks in a universal language of dollars and cents.
- We got a sanitized view of his Board slides, where Case showed where the program was, improvements made, and future goals – helping illustrate risk reduction over time. This approach helped initiate meaningful conversations about managing cyber risks strategically.
- Other highlights included learning from past incidents like Change Healthcare to strengthen defenses.
- Case also stressed involving diverse perspectives beyond IT through a steering committee. This helps inform priorities considering business needs alongside technical safeguards.
- We concluded the webinar by emphasizing: as healthcare adopts new technologies and mergers alter the landscape, a risk-focused approach can help navigate challenges to protect patient safety in an increasingly interconnected world.