Securing a Healthcare Facility: Guide to Implementing a Comprehensive Cybersecurity Program for Small to Medium Sized Facilities

The need for this book arises from the growing cybersecurity challenges faced by small to medium-sized healthcare facilities, which often lack the resources, expertise, and dedicated staff to interpret and implement complex security regulations.

Derek Sliger is an Information Security professional with a diverse background spanning high-stakes National Defense and complex healthcare environments. His career began with the American Missile Command (AMC) and the Strategic Defense Command (SDC), where he played critical roles in safeguarding national assets. These experiences sharpened his technical and strategic expertise, providing a deep understanding of threat landscapes and defense mechanisms. After over a decade in National Defense, he transitioned into healthcare, where he served as Chief Information Security Officer (CISO) for multiple organizations. While the environments differ, both demand rigorous security measures to protect sensitive data and critical infrastructure. In healthcare, the stakes extend beyond data loss to patient safety, requiring a balanced approach that ensures both security and accessibility.

Derek’s expertise spans key cybersecurity frameworks and regulations, including NIST 800-53, HIPAA Security Rule, 405(d) Health Industry Cybersecurity Practices, and the NIST Cybersecurity Framework (CSF). He has led organizations in implementing robust security controls tailored to their specific risks and compliance requirements. His work has focused on protecting electronic Protected Health Information (ePHI), mitigating top threats like phishing and ransomware, and ensuring medical device security. With a disciplined approach to risk management, compliance, and incident response, he builds resilient cybersecurity programs that align with business objectives. Derek’s commitment is to stay ahead of evolving threats, integrate innovative security strategies, and foster a culture of security within organizations.