Cybersecurity Consultants Weigh In: Healthcare Organizations Shouldn’t Go It Alone | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Cybersecurity Consultants Weigh In: Healthcare Organizations Shouldn’t Go It Alone

January 31, 2017
by Heather Landi
| Reprints
Click To View Gallery

Earlier this month, Austin, Tex.-based cybersecurity and privacy consulting firm CynergisTek announced it had been acquired by Auxilio, Inc., an IT security services provider based in Mission Viejo, California, in a deal valued at up to $34.3 million.

In addition to IT security services, Auxilio also provides document workflow solutions and services such as document consulting, print-as-a-service (PRaaS) and print device security. CynergisTek will continue to operate independently as a wholly owned subsidiary of Auxilio, and, as part of the deal, Auxilio’s Redspin division, which focuses on penetration testing and security assessment, will become part of CynergisTek. Following the acquisition news, it was announced this week that CynergisTek was ranked Best in KLAS in the Cyber Security Advisory Services category in the 2017 Best in KLAS Awards: Software & Services report.

Company co-founders Mac McMillan and Michael Mathews, Ph.D, launched CynergisTek in 2004 and in the past 13 years the data security landscape in healthcare has changed significantly. With the advancement of the Internet of Things (IoT) and connected medical devices, healthcare cybersecurity has only become more complex and challenging.

At the time of the acquisition announcement, McMillan said, “Our clients recognize that document and device security are important components of their overall security risk profile and the ability to deliver an integrated approach to managing those aspects of their infrastructure along with the digital pieces we’ve traditionally focused on is something we are laying the foundation for now.”

In a prepared statement, Auxilio CEO Joe Flynn said when announcing the acquisition, “We have come to know the founders and employees of CynergisTek quite well over the last couple of years and from the earliest conversations it was obvious we shared a vision of what the future of healthcare IT security and document workflow looked like and how the two will become increasingly intertwined.”

Healthcare Informatics assistant editor Heather Landi recently spoke with both McMillan and Flynn about how the cybersecurity threat landscape in healthcare has changed and the ongoing challenges facing data security leaders at patient care organizations. Below are excerpts from that interview.

Both of your companies have experienced strong growth in the last few years. How might that reflect the current security landscape?

McMillan: There’s no doubt about it, bad news or good news, whichever way you look at it, the threat environment is not abating at all. It’s going to continue to create challenges for organizations or industries that are very reliant on their information system and their data, which healthcare is. And, it’s an area that, unfortunately, healthcare is still very much behind the power curve, so to speak, in terms of the level of investment that the industry has made compared to other regulated industries. So there’s a tremendous amount of running room left in the market for companies to grow that have the right model and right approaches and the right set of services. So far, knock on wood, we’ve been there and hopefully the Auxilio transaction is going to give us the ability to turn up the heat and continue to grow in that direction.

Mac McMillan

Flynn: The need for healthcare to operate more efficiently and to save dollars has been the focus of our model, however, over the last four or five years, security has been number one on the list of priorities for our IT clients, which prompted us to make investments in this area. Typically, our team reports in to the IT organizations, so wanted to have a good answer them as to how we were going to help them secure the document production side of things. That is absolutely a priority and I don’t see that priority going away anytime soon.

What are the biggest data security challenges facing healthcare CIOs and CISOs?

McMillan:  I think one of the biggest challenges they are dealing with is their shrinking budgets and trying to catch up with where they need to be on the security front. It’s becomingly increasingly difficult for them to find the dollars to invest in the spend for an area that is typically not viewed as producing revenue, but there is an absolute critical need for them to do that to protect the environment that actually is producing the revenue, so that’s a big challenge.

Another challenge is the absolute pace at which technology is evolving and innovating. They are deluged, with new applications, new systems, new devices and new approaches to handling data and sharing data, and at an exponential rate, and that in and of itself is creating tremendous challenges for them to try to keep up and to try to understand the risks associated with that. Right behind that is the fact that healthcare is absolutely a target today for cybercrime. Criminals have figured out how to monetize cybercrime and they have figured out how to push healthcare’s buttons with respect to the types of attacks that are effective and those three things create a very challenging landscape for a CIO.


Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More