John Santana
Podcast Appearances
But healthcare is truly unique, right? I mean, with those Pharma companies and med device companies, they have to deal with the maelstrom of FDA requirements. And then if you're a provider, you have to make sure you're HIPAA compliant. So those highly nuanced regulatory complexities are what create those unique health care challenges.
Yeah, absolutely. Historically, what we've seen is that cybersecurity has been just a footnote or a couple of side questions within more generalized and broad IT operations diligence. We're really working hard to change that.
I mean, in this environment where last year there were 277 million records breached and the year before that over 160 million records breached, it's not good enough to just have a couple of cybersecurity questions at the end of your IT ops diligence, right? We really need dedicated cybersecurity diligence and looking at cybersecurity controls, not just reading from a checklist.
But doing a proper deep dive on cybersecurity posture, resources, capabilities, right outside of just technology naming and really developing a nuanced cybersecurity strategy that's going to complement the IT strategy and build in those cybersecurity components into that investment model, into that equation, you know, before the deal's even closed.
Yeah, absolutely. So starting with the basics, if a formal cybersecurity framework hasn't been adopted, stop what you're doing and do that first. And then really at the firm level, looking at adopting a set of minimum standards or a benchmark. And that could be very unique and nuanced based on the blend of the portfolio. But things like security awareness and training, right?
Like the phishing simulations, which can help get your workforce up to snuff so you don't get hit by a ransomware attack or, you know, just a big phishing attack that could lead to email compromise.
Vulnerability management and penetration testing, developing an incident response program, business continuity, disaster recovery policies, procedures, basic blocking and tackling stuff. That's applicable to any organization, regardless if you're a startup or a multimillion-dollar-a-year provider or social health company, et cetera, right?
So developing what those minimum standards are and looking to enforce that across the board. And then from there, right, developing that portfolio level monitoring. So in our case, right, we use a common assessment framework. We're big fans of 405D over here.