Healthcare and data sensitivity: It affects us all

  • ESO sets out to protect healthcare data as cyber threats are on the rise

    ESO, established in Texas, set up its European headquarters in Belfast in 2019. The company develops software products for EMS agencies, fire departments and hospitals that are transforming the way first responders collect, share, report, and analyse critical information to improve community health and safety.

    The Belfast office is on track to creating 120 jobs supporting the parent company, as a market leader in delivering innovative software and data insights for first responders and frontline workers. The team at Sync NI sat down with Finian Mackin, Director of Security Architecture & Engineering to talk about Cyber Security threats and career opportunities within the sector.

    Q. As Director of Security Architecture & Engineering in the healthcare and emergency response industry, how would you describe your role?

    I run a team responsible for providing the security guidance and guidelines for our engineers to develop and deliver our platform. That means developing the standards and approaches for our engineers to build out our software as a service and to do that in a way that means that we can get some assurance around the security of both our customers, our data and our intellectual property.

    As a SaaS company, we have a lot of environments that live in various clouds so ultimately we provide the standards for the engineering teams to build out in those clouds.

    Q. What sort of security threats would you typically encounter in your organisation?

    Healthcare is all about sensitive data. We are subject to HIPAA, which is a health regulation in the US and that provides guidance around how we need to protect health information related to our customers and our customers' customers’ Effectively our biggest threat is data theft because there's a lot of value in people's personal information.

    In these modern times, we face all kinds of threats. Typically, these can be everything from what we would call script killings, which is kids at home just attempting to break stuff for the sake of it, right through to actual nation-state attacks. Across the sector, we are seeing more and more a large proliferation of attacks originating from further east globally and that's an attempt to cause an impact on key critical infrastructure systems.

    Anything that can adversely affect health care provision is obviously a personal risk to us as well. We can have inside threats so something that we need to be aware of is how our own employees access data, therefore it is important to protect the data both externally and internally.

    Q. What are the motivations for those ‘bad players’ who target organisations in the healthcare and emergency response sector?

    It can be anything such as kudos for taking systems down but generally speaking, it's financially motivated. We see a lot of ransomware attacks, where systems are attacked and people or organizations are blackmailed into spending money in order to decrypt sensitive data that they need to run the business. So in general, it's financial motivation but it can also be an effort to destabilize our industry and core services.

    Q. As Cyber threats increase, what more can be done to address the skills shortages in the industry?

    The university courses available in Northern Ireland are definitely helping to reduce that skills shortage and are providing courses now that are more aligned with what the industry needs. It's been quite a recent development that universities are taking feedback from industry as to what exactly it is that the industry needs in people, in order to provide security services. It also means making sure that we're training people in all areas of security, so that's everything from technical security, social engineering and everything in between.

    I think as well that incentivizing students who get involved in security is quite important, such as large organizations offering good placements to students as part of their training.

    Q. Northern Ireland has become a leading global hub for Cyber Security companies. Why do some many US companies choose to invest here?

    I do think our universities are a big part of it. There are large engineering departments in both Queens and University of Ulster, and the courses and the qualifications that are delivered are pretty well renowned. The Master's in cybersecurity at Queen's Belfast has kind of been put on a global security stage and there's been a lot of investment here in both universities.

    Also, I think large American organizations see other tech organizations here already, so they can see the talent pool that we have as well as the generations of very experienced engineers and security professionals. So by virtue of the fact that there are already a lot of companies here and other companies are kind of flocking into the town.

    Q. What opportunities exist for people wishing to forge careers in the Cyber security sector?

    I think there are massive opportunities in Northern Ireland right now. With the amount of large tech, financial services and global SaaS organizations that are based out of here, there are lots of job offerings and the salaries are on par with London at this stage. That means that geographic location is no longer a factor for people.

    There are so many opportunities here at this stage that people can pick and choose the roles that they're interested in and it gives people the opportunity to specialize as well, which makes them more employable.

Share this story