Make Compliance Equal Real Security. Proper Compliance in the Healthcare World
Date & Time
Thursday, April 22, 2021, 2:00 PM - 2:30 PM
Erkang Zheng, Tyler Shields

Healthcare systems and data aren't secure. Compliance doesn’t mean security. I’m saying this bluntly because that's how it is. We gather evidence at a 10% sample rate from our environment and claim it represents everything we have. Does that 10% provide full assurance on the other 90%? Of course not. You know it, the auditor knows it. What if we don’t sample but instead, audit the entire population, 100% every time?

As a former health tech CISO, I travelled your path. Compliance means we knowingly turn a blind eye to the majority of our environment, as long as the sample set is clean enough. I’m calling out to my fellow health care security and compliance leaders — it’s time for a change. How many additional breaches do we need to see to admit healthcare compliance, the way it is done today, isn’t working? Let’s automate full population analysis and understand the complete security context. Let’s take a page out of the top high tech security company models and apply that to our healthcare systems and data. It may be hard at first, but it’s totally worth it, I promise.

3 Key Takeaways:

  • My CISO journey and the problems with healthcare compliance
  • Understand what fully automated compliance analysis provides
  • A roadmap to help kickstart your automated compliance program
Session Type
Spotlight Session