Health Leaders: Greater Collaboration Can Help Prevent Future Cyberattacks

Introduction

MetricStream’s CEO and Co-Founder, Gaurav Kapoor, shared his insights on Health Care Business Today, explaining the need for healthcare leaders to prioritize cybersecurity and collaboration to protect patient data.

This article was initially published by Health Care Business Today.

With lives on the line, data breach and risk events in healthcare are especially critical.

2024 marked the largest-ever healthcare data breach in the U.S., and over 300 additional breaches have been reported within the industry.

Despite being one of the most heavily regulated sectors, the healthcare industry continues to be one of the biggest targets for cyber criminals and hackers. What’s more concerning: their skills will only continue to get better.

Healthcare leaders are advised to continue to focus on cybersecurity in 2025 and push for industry-wide collaboration to address the ongoing threat of cyberattacks. By prioritizing fundamental cyber hygiene steps to prevent and address threats, healthcare companies can shore up their vulnerabilities and work together to protect patient data.

Healthcare’s major vulnerabilities

With a rich ecosystem of confidential, personal patient data, health systems are high-value, low-hanging fruit for hackers looking to extract a ransom, sell data on the dark web, or cause chaos.

Though there has been positive rapid digitalization in the healthcare sector, especially since the COVID pandemic, many organizations still rely on legacy technology.

As a first step, basic cyber hygiene practices like upgrading software, updating passwords frequently, using multifactor authentication, and conducting regular employee training can address easily preventable vulnerabilities and thwart lurking insider employee risks.

Health leaders need to focus deeper on two key areas of vulnerability: data security and third-party risks.

Though leaders are aware of the importance of protecting patient data through existing regulations like HIPAA, another component of maintaining data security is ensuring that data sharing is seamless and secure. Organizations must ensure their EHR platforms and related digital systems are regularly updated and follow the most current compliance standards for data storage and sharing. Data encryption is advised to protect healthcare records, regardless of whether those records are being stored or actively shared.

Third-party risks pose an enormous threat to health systems due to the sheer number of third-party partners and suppliers that connect into the system: everything from billing services to cloud providers to internet-enabled medical devices represents a third-party risk. It only takes one of these systems to be compromised to impact the entire health system. It is imperative for healthcare organizations to actively and continuously monitor their third-party partners and conduct comprehensive and periodic audits to ensure ongoing compliance.

Industrywide collaboration is one necessary part of the solution

Today, comprehensive risk management encompasses prevention and resilience: preventing risks from happening and reacting quickly when a risk event does happen, while maintaining business continuity.

Many organizations, especially in healthcare, only focus on the former. In such a regulated industry, compliance can become a box-checking measure. But managing risk is proactive: leaders must go a step further to prepare for future risk and plan for when a risk event occurs.

Health leaders should consider taking a page from another highly regulated, high data volume industry – the banking and financial services industry – when strategizing how to proactively protect against risks.

Banks work together as an industry to disclose risk events, share strategies, and learn from others’ experiences to strengthen their risk programs. The FDIC requires this practice as banks are so highly interconnected, having learned the dangers of systemic risk from past non-cyber events like the 2008 housing crisis or the banking crisis of 2023. These events highlighted the need for prevention and resilience, as well as the need for systematic disclosure of breaches.

Similarly, this year’s health breaches showcased just how interconnected health systems are – and how vulnerable they can be if breached. A breach from a third-party partner can disrupt payments, health equipment, ambulance services, and life-saving processes that are not only costly to set right but have devastating consequences on healthcare outcomes.

As health leaders continue to advance the interoperability and digitalization of healthcare systems, they also need to collectively prioritize cybersecurity, data safety, and third-party risk management practices. Strategies for managing risk should be proactive in nature, interconnected across the health system, and continuously enforced not just within the organization but also with third-party partners.

Cyberattacks impact the entire healthcare system – not only for the affected organization but also for the ripple effects that impact the rest of the ecosystem. Healthcare organizations carry a mission to protect their patients, so they owe it to those patients to work together and learn from each other’s best practices for protecting valuable patient data and instilling an industry-wide culture of risk awareness.

Gaurav Kapoor, Co-founder & Vice Chairman

Gaurav Kapoor is the Co-Founder, Vice Chairman and Board Member at MetricStream focused on AI-First growth strategy and execution, customer expansion and market competitiveness.

Prior to this, as CEO, Gaurav led MetricStream to become a global market leader in Governance, Risk, and Compliance (GRC), delivering value to customers, shareholders, employees, and partners. Over the past decade, he has played key leadership roles—Co-CEO, Chief Operating Officer, and Chief Marketing Officer—driving Strategy, Go-to-Market, Sales, Marketing, Partnerships, Customer Success, Service Delivery, and Support through various phases of the company’s growth.

Gaurav also served as the founding CFO of the company, helping lay the early foundation for the company’s long-term success. Under his leadership, MetricStream has expanded its global footprint, serving customers in over 30 countries with a workforce of more than 1,000 employees. Its investors have included BlueTorch Capital, Goldman Sachs, Clearlake Capital, Sageview Capital, CM Growth, Kaiser Ventures, and Singapore’s Economic Development Board (EDBI). MetricStream counts many Global 500 companies among its customers.

Prior to MetricStream, he was at OpenGrowth, an incubation and venture firm where he helped build and grow several companies, including ArcadiaOne and Regalix. Prior to that, he spent several years in high-growth business roles at Citi in Asia and the U.S., including consumer digital payments and derivative financial products.

Mr. Kapoor has a Bachelor's degree in Technology (with Honors) from the Indian Institute of Technology, a degree in Business from FMS, Delhi, and an MBA from the Wharton Business School, University of Pennsylvania, where he graduated as a Palmer Scholar. He has served on the board of Regalix, a digital innovation and marketing company, for a decade and has been an investor/advisor to other technology companies.

Apart from a high degree of customer intimacy working closely with dozens of the largest global organizations, he has been a regular contributor and speaker at the GRC Summit, IIA, Ops Risk, GARP, RMA, and SIFMA, among many other industry platforms. He is also a member of the Forbes Technology Council and an NACD certified member.