CynergisTek Healthcare Cybersecurity. Photo: Cybercrime Magazine.

CynergisTek Grows By Educating Healthcare And Hospital Information Security Executives In The U.S.

Founder and CEO builds a healthcare cybersecurity company with loyalty and thought leadership.

– Georgia Reid

Northport, N.Y. – Oct. 5, 2018

How do you solve the challenge of protecting vulnerable health care facilities from an increasing barrage of cyber attacks?

Mac McMillan, founder and CEO of CynergisTek, a top-ranked cybersecurity and consulting firm dedicated to the healthcare industry, is taking on the problem by educating CIOs and IT decision makers at hospitals and healthcare organizations across the United States. His approach – a series of privacy and security workshops specific to the healthcare field – has proved extremely successful, which has led to industry recognition including a spot on the Cybersecurity 500 List.

A background in government and security

McMillan is a security veteran with an intense drive to serve and protect both American citizens and his customers. He has a no-nonsense approach to his company and his leadership. A Texas native and retired U.S. Marine, McMillan worked for 22 years in the Department of Defense where in his last assignment he was the head of security for the Defense Threat Reduction Agency responsible for all security programs worldwide, including cybersecurity.

Just before he left the Government in 2001, Mac McMillan was invited to speak about cybersecurity at a hospital in Baltimore, Md., and he knew where he was headed.

“I was absolutely taken aback by the lack of security in this hospital,” he stated. “This is an industry that is going to have a tremendous amount of cybersecurity needs for quite a while.” His new compass was set, and McMillan forged onward to bring cybersecurity expertise to the important field of healthcare, founding CynergisTek with his partner in 2003.

Fast forward to today, and McMillan is running one of the hottest and fastest growing healthcare cybersecurity companies in the U.S. – a venerable “Small Giant” in a burgeoning $65 billion market comprised of healthcare providers under constant cyber-attack.

Healthcare Facilities are at an increased risk

“The healthcare industry is one of the most, if not the most, vulnerable industries for cybersecurity threats,” says Steve Morgan, Founder and Editor-in-Chief of Cybersecurity Ventures.  “With outdated IT infrastructure and legacy equipment, this leaves healthcare facilities particularly vulnerable.  And it is difficult to hire cybersecurity employees in this kind of environment.”

The cybersecurity problems facing hospitals and healthcare facilities today include:

  • Outdated information technology infrastructure
  • Lack of in-house cybersecurity talent
  • Hospital staff are unaware when it comes to cybersecurity and are not trained about what to do in the event of an attack
  • Medical devices, part of the IoT, are vulnerable to attacks and are gateways to the greater network
  • Ransomware attacks are on the rise — especially at healthcare organizations

In 2017, healthcare providers were the bullseye for hackers and were the most cyber attacked industry in 2016, according to the 2016 IBM X-Force Cyber Security Intelligence Index.  And the future isn’t looking much better for healthcare: Ransomware attacks on healthcare organizations are predicted to quadruple by 2020.

Cybersecurity Ventures predicts global healthcare cybersecurity spending will exceed $65 billion cumulatively over the next five years, from 2017 to 2021.

With vulnerabilities due to legacy systems, and more medical devices that are connected to the networks than ever before, creating an IoT risk, healthcare facilities have to take extra precautions when it comes to cybersecurity.  Not only are patient records and personal data at risk, so are people’s lives if the whole system is held hostage in a ransomware attack. 

So, should hospitals pay the ransom?

McMillan says no, and the industry tends to agree.  It only serves to further entice and attract future attacks.  While patient lives may be at risk if a healthcare facility is held hostage by a cyber attack, paying the ransom shouldn’t be necessary if you have a solid and well-prepared backup plan.  McMillan says you first need to build an environment that is ready to respond to cyber incidents.  Secondly, have a good recovery process in place and data backed up.  And finally, train the hospital staff on how to run the facility if it does happen to suffer an attack or breach.  

McMillan does preface his statement that in some circumstances a hospital might be faced with extenuating circumstance, and a ransom might have to be paid.

Growing consistently by forging long-lasting relationships

CynergisTek is growing steadily and consistently, merging in 2016 with a public company (keeping the CynergisTek name and ownership). With about 300 employees to date, the company is expected to continue to take on new talent and potential acquisitions, making it a cybersecurity thought leader to pay attention to in 2019 and beyond.

The way CynergisTek evolves so successfully is by listening to their client base and forging strong, long-lasting relationships. The company invests a great amount in educating the healthcare industry about cybersecurity threats and trends, hosting more than 40 education events annually. The executive team provides 100 additional educational sessions on cybersecurity, privacy, compliance, and document output-related topics every year.

The partnership with CynergisTek has allowed us to focus on compliance, developing risk programs, policy and procedures leading to a culture focused on making us more secure.” -Tom Gordon, CIO of Virtua Health System.

CynergisTek has helped hundreds of healthcare providers and vendors address healthcare cybersecurity, privacy, compliance, and document output challenges, and they are dedicated to sharing knowledge and best practices based on experiences from working with so many different types of healthcare organizations.

The company is in over 1,000 hospitals to date and manages over 100,000 devices, and performs vulnerability assessments on 1.5M devices each year.  Additionally, they have a 94 percent renewal rate with customers that partner with them through their flagship service, Compliance Assist Partner Program (CAPP).

To learn more about the talent at CynergisTek, read this interview with Angela Rivera, SVP of Operations, which is part of the Cybercrime Magazine “Women in Cyber” series. Angela is a role model for women in cybersecurity and wants them to know cybersecurity is a space that has many diverse roles, and that one does not need to be a coder or hacker to succeed.

Cybercrime Magazine is recognizing a handful of growing and mid-sized companies in the “Small Giants in Cybersecurity” series launching Q4 2018. These relatively new or emerging firms — in comparison to household-name cybersecurity giants — have demonstrated longevity, innovation, and expertise in protecting against hacks and breaches, ransomware attacks, insider threats, and more. Both the companies and their leaders are highlighted in this ongoing feature series, showcasing their knowledge, commitment, and adept prowess in dealing with unique cybersecurity issues.

Read about more Small Giants here.

Georgia Reid