Cybersecurity and compliance in a pandemic

Mac McMillan ( is CEO Emeritus at CynergisTek in Austin, TX.

Security has always had a love-hate relationship with compliance. The guiding principle of compliance is balance, and it, at some point, has a minimum—meaning sometimes even no security is acceptable if the mission is at risk, and when that mission is life or death, if necessary, no security is acceptable. That doesn’t mean it is desirable or appropriate to ignore protections or not important to seek compensatory measures. But when everyone is moving as fast as they can and still falling behind and even simple tasks become difficult or nearly impossible, everything that isn’t critical to the core mission becomes secondary—and rightfully so. It is at these times that security and privacy officials and their compliance counterparts have to shift their approach. The mission is still the same—to protect the organization and the patient—but it should be done without interfering with care or adding more stress to an already chaotic environment. The mission is to be truly essential.

Things are going to happen fast, decisions are going to be made without the normal afforded consideration. Moves are going to happen, people are going to be repurposed to fill critical shortages. New people are going to be introduced constantly; new systems and methods of treatment are going to be tried and implemented without the testing or structured implementations normally followed. People and processes are going to be relocated, the world as we know it is going to be turned inside out and move faster than ever. On top of all of that, the staff is going to be stretched thin, facing longer hours under increased stress. Over time, they will experience rest deprivation and countless highs and lows as patients suffer and recover—not to mention facing their own risks head-on every time they report for duty. All of this makes for an incredibly volatile environment where risks will be higher. Add to this the unfortunate reality that the criminal element will see this as an opportune time to exploit organizations, and you have the makings of real drama for security and compliance. That is exactly what needs to be quickly eliminated if security and compliance professionals are going to be successful and be an asset to the organization during this time.

This document is only available to subscribers. Please log in or purchase access

    Would you like to read this entire article?

    If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

    * required field