CISO Interview – Nancy Taneja

VIEW - Te Whatu Ora chief information security officer - primary health sector, Nancy Taneja

What is the role of CISO for Primary Health Sector?
It’s my job as Chief Information Security Officer – Primary Health Sector, to oversee and advise on cyber security for everyone in the sector, from general practices to community pharmacists, allied health professionals, community aged care, Māori health organisations, and primary health organisations.

It’s a big job because the primary health sector is in every community across the motu, and there are different needs, expertise, and resources required. Because of this, relationship management and sector engagement are as important in the role, as specific technical advice.

Why is it important to have a primary care CISO?
Health systems all around the world are being targeted by cyber criminals and it’s not surprising when you consider the size of these systems and the sensitivity of the information they deal with.

In New Zealand, the primary health sector is made up of around 170,000 people, working at roughly 2,500 small to medium sized businesses – all of whom deal with massive amounts of sensitive health information every week. Just one wrong click on an unprotected system, and you can very quickly have a major security incident.

That’s where my team and I come in – we’re trying to demystify cybersecurity and point the sector in the right direction in terms of building up cybersecurity capability.

What does your role involve?
I think there’s growing awareness in the sector about what cybersecurity is and why it’s important. The problem is there’s still a lack of understanding about what organisations can practically and affordably do to protect themselves.

There is a common perception that cybersecurity is something for IT departments to worry about. What I’m trying to do is to get people thinking about cybersecurity as shared mahi. Yes, you might need specialist skills to install specific software and patches and all that sort of thing. But there’s a lot we can all do as a matter of course to make it harder for cybercriminals. Don’t click on suspicious links. Lock your computer when you move away from it. Use strong, secure passwords and multi-factor authentication. Don’t send sensitive work information to your personal email accounts. Understand why backups are important and how to be prepared for a cyber incident. Those sorts of practical precautions make a huge difference to the security of our systems.

What’s your background in this space?
I have been in the primary and community health sector for seven years, working with PHOs, general practices, pharmacies and so on in the central North Island where I'm based. As you might expect, I also have a lot of experience in technology and security, building technology and security services for organisations from the ground up.

Have you always had an interest in IT or cybersecurity?
I confess I am a true geek: I love technology in all shapes, forms and sizes! But I’ve got a longstanding connection with the health sector as well, since I come from a family with generations of doctors and pharmacists. So, really, working on cybersecurity within the health sector is the perfect job for me.

What are five key pieces of advice for improving cybersecurity?
As I said before, there are some basic things you can do right now, that will make a big difference:

• Set-up strong multifactor authentication on all accounts (especially administrative accounts). This means that as well as requiring a strong password, you’ll need to enter a secondary form of identification, for example a passcode that is sent to your mobile phone.
  
• Make sure all your servers and devices are kept up-to-date with security upgrades and patches.
• Install reputed antivirus/anti-malware protection on all user devices and servers.
• Make sure you backup your servers and devices on a regular basis, so that if the worst happens and your system is compromised or information is compromised for whatever reason, you can get it back.
• Talk about cybersecurity on a regular basis with your staff, and check that everyone understands what they need to do to keep your organisation and your community safe.
  

What do you do in your free time?
I confess my job keeps me pretty busy, but when I get the chance, I enjoy playing golf, reading non-fiction and hanging out with my family.

Picture: Te Whatu Ora chief information security officer - primary health sector, Nancy Taneja

If you want to contact eHealthNews.nz regarding this View, please contact the editor Rebecca McBeth.

Read more VIEWS

Return to eHealthNews.nz home page