Cory E. Brennan
Attorney and Advisor
Phone: (317) 429-3614 | Fax: (317) 633-4878
Cory Brennan is a leader in the medical device security industry with nearly a decade of experience in developing medical device security and risk management strategies and implementing advanced technology solutions in order to align key business objectives with effective tools. Cory focuses her work on advisory services related to medical device security, such as performing risk assessments specific to the medical device environment in order to create a better understanding of medical device vulnerabilities and develop strategies for risk remediation, as well as integrating the implementation of security controls into the overall lifecycle approach for medical device management. She has excelled in developing, improving and managing an effective organizational medical device security and risk management program capable of meeting compliance standards and managing the demands of clinical operations for large organizations, including a multibillion-dollar health care system serving more than 2,600 sites across 21 states. Cory has extensive practical knowledge of health care information security and compliance standards including HIPAA/HITECH, NIST and ISO and is a member of the Healthcare Technology Leadership Council for the Association for the Advancement of Medical Instrumentation (AAMI).
- Indiana University Robert H. McKinney School of Law, J.D. – 2019
- Indiana University, B.S. – 2015
- Spring 2022 Online Faculty Member | Course in Cybersecurity – CHIME University
Senior Medical Device Security Leader – Program Development, Operations Oversight, Integration Planning: Led a team in the delivery of medical device security services providing high-quality service to large health care organizations. Implemented large-scale programs to support evolving business and client goals while reducing medical device risk. Conducted strategic planning for aligning business goals to technology investments by defining project scope, developing business cases, forecasting project and ongoing capital and operating budgets, managing resources to meet program deliverables and implementing approved initiatives.
Compliance and Security Assessments: Regularly performed and provided oversight for the performance of compliance and security risk assessments for individual medical devices as well as holistic, organizational medical device security programs. This included reviewing clinical asset inventories, evaluating current security practices to identify risk and mitigate existing and potential vulnerabilities, assessing and improving the physical security controls of information systems (RFID deployment, secure access controls and management) and identifying streamlined, effective and integrated managed services processes for secure device management.
Advisory Support: Provided oversight for various large clinical engineering and information security teams in responding to medical device security events and incidents in order to implement effective mitigation measures for ensuring the continued availability and integrity of clinical systems. Developed and conducted tailored lessons learned and training procedures upon completion of event or incident.
Strategic Planning: Regularly collaborated with business and clinical strategic leaders to understand current state, future business objectives and goals and then formulated roadmaps for realizing the desired future state and integrating medical device security processes into the holistic objectives. Assessed and recommended technology investments leveraging the organization’s capital equipment replacement and planning processes.
- HealthCare Information Security and Privacy Practitioner (HCISPP) – (ISC)2
- Certified Information Systems Security Professional (CISSP) – (ISC)2
- Certified Associate of Project Management (CAPM) – Project Management Institute
- Certified Associate in Healthcare Information and Management Systems (CAHIMS) – HIMSS