Dec 6
2023
Q&A with Mikael Öhman, CEO, Meditology | CORL Technologies
In September, Mikael Öhman took the helm of CORL Technologies, tech-enabled managed services for vendor risk management and compliance, and its sister organization Meditology Services, which provides information risk management, cybersecurity, privacy, and regulatory compliance services for the healthcare industry.
Öhman comes to CORL and Meditology from KMS Healthcare, where he was CEO of the global technology services company. Previously, he was a consultant at McKinsey and Company in Stockholm and Atlanta, managed international operations for Cerner, and led mergers and acquisitions for McKesson’s IT business. In addition to his executive health IT experience, which also includes serving as COO for software, services, and device companies, Öhman co-founded an urgent care business that was sold to Piedmont Urgent Care by Wellstreet.
We recently sat down with Öhman to discuss the current healthcare cybersecurity landscape, what’s on the horizon, and his plans for CORL and Meditology.
EHR: How would you describe the current state of cybersecurity in healthcare?
Öhman: Big, big, big worry. For everybody. Anytime you look at the news, you hear about another health system getting hit with a ransomware attack or a vendor being hacked. That’s why cybersecurity is absolutely a key priority. The bad guys know that healthcare data has tremendous value; you can get rich by holding somebody’s data hostage or selling it.
Healthcare is complex. It requires a highly networked system with many vendors involved at many different points. Data doesn’t just live in one place anymore. While all the data sharing and integration points to move information between on-premises systems and cloud environments are fabulous, they also raise the security threat level by magnitudes. The criminals are going to find the weakest link. When they do, the damage that can be done because of data aggregation is much, much higher. It’s why security is an obvious priority.
Managing and securing healthcare is a much bigger job now than it was 10 years ago when most of your systems were sitting in a data center behind your own four walls. You could see and touch it and feel that you had control. Now, there is a proliferation of cloud-based and SaaS vendors that, if not properly vetted and controlled, can create new exposure points that you may not know even exist. Every provider and payer – anybody using multiple vendors – must be prepared because it’s going to continue to get riskier every single day as new technologies come out.