Mitch Parker has one of Indiana’s most critical jobs.
As chief information security officer for Indiana University Health, Parker oversees cybersecurity for more than 30,000 employees at 18 hospitals across the state, along with countless numbers of computers, workstations and medical devices, making it the largest health system in Indiana — and the United States.
Indiana University Health is tasked with helping patients recover and maintain their health, but Parker’s job is keeping their data safe. In our discussion, he discussed the state of medical devices, his security team’s priorities and why — when an organization is so big — communication is absolutely key.
This interview has been edited for length and clarity.
We’re talking to chief security officers to learn more about their work, promote best practices that don’t hamper growth and share insights from some of the industry’s most experienced security professionals.
TechCrunch: You’ve been at IU Health for a little over three years. Multiple hospitals, thousands of staff, a range of threats and no two days are the same. What’s the secret sauce?
Mitch Parker: The organization is significantly more receptive to working together towards cybersecurity solutions than when I first got here. A lot of it I’ve found comes down to just taking the time to understand your customers’ needs. I align everything the security team does with our core mission and values and with purpose, excellence, team and compassion. We don’t talk about cybersecurity first. We talk about, how do we improve healthcare, and how do we provide a better patient experience? And we ask, how do we assist in fulfilling our customers’ needs?
So, in a few words, what’s your approach to cybersecurity across the various teams at IU Health?
Cybersecurity is constantly evolving. Healthcare threats change, too. Three years ago we were talking about Ebola [virus] and now we’re talking about new disease threats. Just as our organization has to adapt, cybersecurity has to adapt in the same way. When I first got here, the organization understood that they had a need but didn’t feel they had a valued business partner to work with. That partnership is more important than the threat of the week.
