QUESTION
Does NYC Health and Hospitals have its own cybersecurity program and protocol, and how does it coordinate with the Office of Technology and Innovation?
0:22:39
·
90 sec
The council member inquires about the cybersecurity oversight and protocols for NYC Health and Hospitals, which is not a direct city agency. The Chief Information Security Officer explains:
- NYC Health and Hospitals has an internal security team and cybersecurity program.
- It works closely and routinely communicates with the NYC Office of Technology and Innovation's cybersecurity team.
- There is a shared responsibility for cybersecurity across all agencies, including those not directly under the city.
- The Office of Technology and Innovation assesses and helps develop cybersecurity maturity at all agencies, including NYC Health and Hospitals.
Jennifer Gutiérrez
0:22:39
And I under I know that health and hospitals is not directly a city agency.
0:22:46
Do you all have kind of control or a sense of security there in the same way that you do with any other city agency?
0:22:53
Or what's the what are the dynamics there?
Kelly Moan
0:22:55
Thank you for that question.
0:22:57
I think the reality of the world cybersecurity within the city's domain is that New Yorkers don't entirely care which agency might be impacted by the incident, and they typically feel very deeply when incidents impact them directly.
0:23:11
And so our job as the the cyber command is to work with that broad term of agencies, including health and hospitals, to understand what the cybersecurity posture is embedded in that organization and how we can assess to further develop maturity across the cybersecurity journey of all of the agencies, including those that might not properly fit directly within the city's domain.
Jennifer Gutiérrez
0:23:35
So it's it's would NYC Health And Hospitals have their own cyber security program in protocol And they do they not have to be in communication with OTI?
Kelly Moan
0:23:47
They they are in routine communication with us.
0:23:50
We it's a shared responsibility across all agencies.
0:23:54
And so we partner with them not dissimilarly to any any of our other agencies.
0:23:58
They do have an internal security team just like other agencies do as well.
0:24:02
And that close partnership continues to promulgate day to day on a weekly, monthly basis depending on the topic.
Jennifer Gutiérrez
0:24:09
Got it.
0:24:09
And what are some other examples of agencies similar to h and h that you all coordinate that are public, private, EDC 1 of them?
← Previous Chapter
What is the frequency of conversations with agencies that have experienced cyber breaches or incidents, particularly New York City Public Schools?
Next Chapter →
What are some examples of agencies similar to Health and Hospitals that the Office of Technology and Innovation coordinates with regarding cybersecurity?