Security professionals in the healthcare world can sometimes feel like Cassandra, the mythical Greek woman gifted with the ability to predict disaster, but cursed to not be believed. As hospitals and health systems face ever more-pervasive threats, the industry must learn not only to predict and counteract those threats, but to effectively communicate them to everyone in the enterprise.

"When you see (security breaches) in the news and think, 'What should we do?' it’s not that you need to have the most advanced new technology that doesn’t exist," said Michael Coates, former CISO at Twitter and Mozilla, told HIMSS Media. "You need to go back to basics and say ‘We know what we need to do. It’s strong passwords. It’s hashing. It’s good security practices. But how do we do that at scale everywhere all the time? And that’s where things get tricky."

Coates will keynote the HIMSS Healthcare Security Forum next month in Boston, along with Dr. John Halamka, International Healthcare Innovation Professor at Harvard Medical School.

At Twitter and Mozilla – technology companies that wouldn’t slow down their pace of innovation to accommodate security considerations – Coates learned that security professionals can’t succeed if they think of themselves as babysitters or gatekeepers.

"Instead of having that hard checkpoint gate, you move to a model where you heavily rely on building security into the process and into the technology so that people are getting their security whether or not they know it," he said. "It’s sort of like the parent making you a chocolate-banana smoothie and putting some broccoli in there. You wanted the smoothie anyway and you didn’t know you were eating your broccoli at the same time."

One approach is to build governance structures that distribute the accountability for security breaches, making them everyone’s problem, Coates said. Another is the "paved road" approach: finding ways to make the easiest way to do something be one and the same as the most secure way.

Halamka says artificial might be another way to effectively build security protections into processes.

"The future of security depends on understanding moment-to-moment risks based on the data assets being accessed by whom with what device," he told HIMSS Media in an email. "Rule sets will not be sufficient. Real-time pattern analysis based on machine learning techniques is likely to be more successful."

Coates and Halamka will headline the two-day event, but they’ll be joined by CISOs from Penn Medicine, Geisinger Health System, UPMC, Johns Hopkins, Intermountain and more. The event will also include breakout group discussions on topics like incident response and recovery, identity and access management, and data protection and loss prevention. And of course, networking opportunities will abound at the event.

The Healthcare Security Forum will be held December 9 and 10 at Westin Copley Place in Boston.

Click here for more information or to register for the event.

 Prepare for next-gen cybersecurity threats and join the #HITsecurity discussion at the HIMSS Healthcare Security Forum this Dec. 9-10 in Boston.