Google Cloud announced that it’s joined the Health-ISAC as an ambassador partner, becoming the first major cloud vendor to join the group. The new collaboration will see the tech giant directly partnering with the healthcare community and its leadership, sharing its experience and knowledge to help secure the healthcare ecosystem.
“Health-ISAC will leverage Google's data and tools like VirusTotal, plus the extensive resources available from Google,” Health-ISAC’s Chief Security Officer Errol Weiss told SC Media.
The effort will “improve security and resilience of the global healthcare sector.” He added that the hope is Google’s global branding will help to grow Health-ISAC’s membership in Europe and Asia-Pacific.
From a practitioner perspective, the Google-Health-ISAC partnership will work to address the issues that arise from the inter-connected health ecosystem, Taylor Lehmann, director of the Office of the CISO for Google Cloud told SC Media.
A former CISO of athenahealth and Tufts Medicine, as well as a security leader for a number of healthcare companies, Lehmann is well-aware of the sector’s systemic security issues and the role Google could play in bringing everyone to the table.
However, the move isn’t designed to see Google mandating commercial needs or expectations. Lehmann, who is also a former board member of Health-ISAC, explained that Google is joining the Health-ISAC community in the most natural way possible, without pre-conditions or special commercial agreements.
“There’s none of that. We’re not selling the ISAC any Google tech, nor are we taking over any of the ISAC’s infrastructure,” said Lehmann. “We're joining the community, just like any collaboration, or any new member.”
However, there are expectations from Google and the ambassador program leaders to “use Google's resources to help the community improve,” he continued. The partnership will take many forms, including joining the working groups and aligning some of the “smartest, well-equipped, experienced security people at Google to work on tough community problems with discrete outputs.”
Community, threat sharing hold key to systemic challenges
Providers are on the frontlines fighting challenges to keep health systems, payers, research organizations up and treating patients.
However, healthcare is highly dependent on one another, and there’s a strong chasm between the “security-haves and the security-have-nots,” Lehmann explained. But there are very few haves — and many more have-nots.
The Health-ISAC is a community that understands that working together without ego posturing makes everyone stronger. The ISAC brings those groups together under a common platform to collaborate.
Lehmann was a Health-ISAC member while in his role as a healthcare CISO. "The easiest membership fee I ever paid for anything.”
Security products have a strong place, but threat sharing and hearing directly from the community only serves to bolster approaches and help security leaders keep on top of the most pressing issues.
Google has a strong focus on leveraging its resources to “share this fate” and help those organizations innovate at scale with strong protections. The alignment with Health-ISAC and strategic healthcare groups is the best way to directly impact “building a resilient healthcare ecosystem.”
Lehman said there’s hope that by interacting directly with healthcare security leaders on the frontlines, the insights can better influence what Google builds, particularly for the sector. It’s a key goal held by Google and where the tech giant aims to be in the industry.
Google is working to “solve small problems first,” which will accumulate into “solving bigger problems and then, eventually, building the base for all future business is done on top of the shoulders of the folks who have learned how things go wrong,” he said. “For us, we don't have any special access to information of anybody in the community … [or] access to any real sensitive data.”
Instead, the company leaders show up and get to know those on the frontline and learn from the organization itself.
"There's nothing sexy about it," Lehmann continued. "We're here to help. We're standing side by side and sharing fate with this community."
In recent years, the company has worked to build deep relationships and understands “where we need to share our own fates together as stakeholders.”
In terms of healthcare, it’s an issue affecting everyone, he added.
“I don't think anybody would disagree that having a stronger health system that can defend against attacks … which are increasing year by year and the severity of which are getting closer to affecting human health -- is a good thing."
In August 2021, the company committed $10 billion to advance cybersecurity across all sectors. The Health-ISAC partnership advances those investments. Lehmann urged other companies to make similar investments because the more hands working to solve these issues is better for everyone.
“Google is a technology company but we have a mission and a vision as a company to positively affect our customers and the world around us,” said Lehmann. Google’s mission is to serve societies, he stressed that by being part of the Health-ISAC community can further those goals — and is “just the starting point.”
The company is working on efforts to help Health-ISAC’s reach, while supporting Google users and other customers to take advantage of provided, free resources, Lehmann said. “Collaboration is key. We're not trying to overcomplicate it. But we're starting at a grassroots movement.”