Episode 24
How Cybersecurity Can Be a Business Differentiator with Terry Ziemniak
Aired On: September 3, 2024
Terry Ziemniak, a fractional CISO and partner in Tech CXO’s Product and Technology practice, joins hosts Michael Roberts and Justin Bantuelle to discuss how cybersecurity can be a business differentiator for medtech companies. Most of us think of cybersecurity as a requirement we have to meet, but it can be a key feature of your offering, particularly in a space where protecting patient data is of utmost importance.
In this Episode
- 01:02 Using Cybersecurity as a Sales Differentiator
- 02:29 Prioritizing Cybersecurity to Mitigate Third-Party Risk
- 09:32 Building Trust and Meeting Buyer Expectations
- 13:20 The Importance of Data Protection and Privacy in the Direct-to-Consumer Market
Quotes From This Episode
Nowadays the cybersecurity perspective from these clients in these organizations you’re selling to, they’re looking at you guys, meaning whoever they’re procuring from, as a cyber risk. It’s very clear nowadays and it’s a common phrase called third party risk. You know, if you are selling something to a big healthcare company, insurance, whomever, you are a risk to them. So keep that in mind when you have the conversations, and that’s where cybersecurity becomes the value add, the differentiator, in addition to, you just have to have it these days.
Terry Ziemniak
Once you see one third party risk assessment, once you get that spreadsheet once, it’s about 80% of the same spreadsheet you get from everybody else. So again, it’ll talk about encryption and backups and antivirus and whatever else it may be. So it’s not unique, massive discovery efforts every single time. And there’s no harm if you have a prospect, if you’re having a conversation, go ahead and ask them. Say, ‘Hey, can I get your third party assessment checklist? We would like to prepare for it and see how we’re doing.’ If you’ve never done one before, go ahead and ask.
Terry Ziemniak
So realize if you do backup testing once to satisfy an audit, you should be thinking in your head, well I gotta put a mark on my calendar. We do it every single year. User education, we’ve done it once. Maybe you should be doing it quarterly or monthly. So you know, whatever you build, maintain. Because again, your future third party assessments you’re gonna get are gonna have a majority of the same questions and you’re gonna already have that addressed and say, yep, we, we know this is all running.
Terry Ziemniak