Leo Scanlon, deputy CISO at the U.S. Department of Health and Human Services, will take a lead role as HHS sharpens its ongoing focus on cybersecurity issues, an effort that will continue under the Trump administration, he explains.
HHS is modifying the deputy CISO role "to accommodate the need for a senior adviser to coordinate 360-degree presence of [HHS] in the healthcare sector for cybersecurity, something until now the agency has not been able to do," he says. The deputy CISO is not a politically appointed position.
The Cybersecurity Information Sharing Act, which was signed into law in late 2015, created a task force that's been working to create a set of recommendations that will be released soon, Scanlon explains in an interview with Information Security Media Group.
HHS has a working group, which Scanlon chairs, that coordinates the cybersecurity efforts of all of the agency's various units. That group will respond to the upcoming cybersecurity recommendations of the CISA-related task force, he explains.
New Portal in the Works
Last year, HHS issued a grant to the National Health Information Sharing and Analysis Center to create a web portal that will enable cyber threat information sharing throughout the healthcare sector, he notes.
"This is a relatively new technology and approach for leveraging cybersecurity capabilities in a way that allows much more effective real-time response to threats and specific indicators of compromise," he says.
NH-ISAC is also supporting HHS' work on creating a threat center along the lines of the one created earlier by the Department of Homeland Security. This effort will also leverage information through a healthcare cyber threat operations center based in Atlanta, which coordinates across the Department of Defense's health operations, including the Department of Veterans Affairs health operations, he says.
"We are very actively engaged in expanding and improving threat sharing and information sharing inside our organization and across with our sector partners at this point," he says.
"The CISA recommendations are pointing to that as a primary role. But [the upcoming recommendations] are also pointing at ... workforce development, awareness and training and other core elements of effective cybersecurity programs that need to be [implemented] in the private healthcare sector and expanded within the federal government, as well."
In the interview, Scanlon also discusses:
- Evolving cybersecurity trends in the healthcare sector;
- Cybersecurity-related skills shortages in the healthcare and government sectors, and how to address the needs;
- Ways the healthcare sector can bolster its ID credentialing and access management practices;
- Why he recently accepted the volunteer role as co-chair of the Government Advisory Council of (ISC)², and what he hopes to help the cybersecurity professional organization achieve.
Scanlon is the HHS deputy CISO and senior cybersecurity adviser for the healthcare sector. In these roles, he is responsible for HHS' overall cybersecurity technology project portfolio, as well as leading the Office of Information Security. As deputy CISO, Scanlon also provides comprehensive leadership and collaboration on implementing policies and best practices on information security. Before joining HHS, Scanlon served as the CISO for the National Archives and Records Administration.