The LogRhythm Champions Network is an exclusive community of LogRhythm’s most passionate and strategic customers. This elite group of customer leaders in the InfoSec community are experts in all things LogRhythm. The LogRhythm Champions Network works to recognize these leaders for their advocacy efforts, connect them with fellow experts, and empower them to reach their personal and professional goals. Learn more about the people who choose to partner with LogRhythm.
This Champion Profile showcases Steve Flannery, Manager of Directory and Cloud Services at UnityPoint Health. Here is Mr. Flannery’s story, condensed from a recent interview.
What organization do you work for and what is your current role?
I work for a health organization based in the Midwest called UnityPoint Health. UnityPoint has hospitals in Iowa, Illinois, and Wisconsin. As the Manager of Directory and Cloud Services I work with three teams, Directory Service, Exchange, and Messaging. In this past year, I also built and actively manage our security operations center (SOC) and a team of analysts.
How long have you worked at UnityPoint Health?
I have worked for UnityPoint Health for about six years.
What is your educational background?
I earned my bachelor’s degree in Computer Technology and Computer Systems Technology from Herzing College in Madison (formerly The Wisconsin School of Electronics). I immediately saw that computers would be the wave of the future and completely immersed myself. During my time working at Meritor Hospital, a couple of years later, I went on and earned my master’s degree in Information Technology from Capella University. Ultimately, a combination of my interest in technology, background in InfoSec theory, and practical hands-on experience got me to where I am today.
What did you do before your current role? What is your previous work experience?
Before my current role at UnityPoint Health, I was actually still affiliated with the healthcare system. I had previously worked at Meritor Hospital for about 18 years. In total, I’ve been working in the healthcare space for nearly 23 years on the IT side.
What drives you to continue to work in cybersecurity?
Early on, I cut my teeth as a Systems Administrator working with SQL server and SQL databases. But, from the beginning security was always front and center, especially in healthcare. While it is common to hear healthcare is wide open, it’s actually a highly regulated industry. Yes, there are a lot of legacy systems that we are battling with today, but security has been a priority for a long time.
For me personally, I’ve always been interested in security. I was the guy who patched the systems when Microsoft first started pushing them out. I consider myself a lifelong learner and security was an area that always had something new to learn with new systems and threats constantly being released. At the end of the day, I’m never bored.
You clearly have a long history in tech, in IT, and security, what is your cybersecurity philosophy? How does it drive your security programs?
Since I work in the healthcare field, my cybersecurity philosophy is driven by the fact that we are impacting people’s health, every day. While I might not be directly involved with patient care, the systems that frontline workers such as nurses and doctors rely on to save lives, are my responsibility. If those support systems go down, for whatever reason, the lives of our patients are at risk and those healthcare workers cannot properly administer care. That fact is always in the back of my mind.
As I work to create secure and confidential environments for patients, I follow the security in-depth approach. When I first set out to create our SOC, I looked for a toolset that would align with this philosophy. I worked to establish multiple lays of security and combined different technologies and systems to protect UnityPoint. The LogRhythm NextGen SIEM Platform plays a crucial role in this strategy as it serves as a central aggregation tool to analyze and add context to the data flowing in from around my environment. Being able to turn that data into meaningful information and determine actual threats versus noise is vital.
You’ve been in the security space for over 20 years, how do you feel cybersecurity has evolved? Specifically, in regard to the healthcare space?
Earlier on, security was not front and center for most healthcare professionals. We in IT were thinking about it but it wasn’t something doctors, nurses, or administrators cared much about. I remember sitting at a table talking with a couple of doctors and they said, “what do you mean I need to have a password?” That was the environment. When the federal government began to establish compliance mandates and set guidance via HIPAA things being to change.
In the early 2000s there was a lot of digital transformation going on, especially in medical health records. We began to move away from physical pieces of paper to help medical professionals do their jobs more effectively. For the first time, MRI scans, cardiac data, and other crucial information could be easily shared and doctors in different places could talk to one another over the network. This shift started to bring security to the forefront as the broader industry began to realize that threat actors could more easily access this sensitive information.
What makes cybersecurity so much more important in healthcare is that human lives are at stake. In other industries, a compromised credit card is an inconvenience that can be easily replaced. When it comes to medical records, you can’t just get a new medical identity. That lost or stolen information could mean life and death. Also, medical data is more valuable than other information, such as credit card numbers. A compromised healthcare record could lead to big-time medical fraud which can be extremely lucrative.
There is a lot at stake. As a security professional in the healthcare space, do you find yourself under more pressure when compared with other industries?
Personally, I do feel that way. By no means am I downplaying the work done by security professionals in other verticals, they do very important work. Let’s look at the manufacturing sector as an example. If an assembly line halts due to a ransomware attack the business can lose a large amount of money. That’s bad, but chances are no lives were lost. In healthcare, that is a very real risk.
If my memory serves me correctly, last summer there was a ransomware incident in Germany where a patient died because ransomware disrupted emergency care at a facility. The ambulance was directed to another hospital, which delayed the patient’s treatment. She died shortly after. German prosecutors filed homicide charges against the people that triggered the ransomware attack. It’s just a different dynamic in the healthcare space: human lives versus loss of capital.
Which concerns you the most from an InfoSec perspective?
The number one concern today is ransomware. Unfortunately, the main vector that allows ransomware attacks to occur is still business email compromise. No matter how you adhere to defense or build out your security operations, bad guys are too good at targeting and compromising endpoints through phishing. The combination of the two really makes me sweat. If we experience a successful ransomware attack, it’s going to cripple us. Even the largest health organizations can shut down for a day to recover and get everything back up online. That is why ransomware in healthcare is definitely the number one concern.
Going forward, I think the Internet of Medical Things (IoMT) and Internet of Things (IoT) will be the next ones to really impact healthcare organizations. While this is not new to the industry, we already see compromises accelerating. The bad actors are always one step ahead. There is a constant stream of new devices that we are just starting to take inventory of that can all be a vulnerability point within the network.
What do you do for fun? What do you like to do outside of the office?
When I’m not sitting behind a monitor, you’ll find me outdoors in Wisconsin. I try to spend as much as much time outdoors as I can whether it is canoeing, camping, or hunting.
To learn more about how to participate in the LogRhythm Champions Network, reach out to [email protected] or visit https://logrhythm.com/champions-network/.