
In a recent episode of Microsoft’s Afternoon Cyber Tea podcast, CareFirst BlueCross BlueShield’s (CareFirst) Chief Information Security Officer (CISO), Rob Suárez, joined host Ann Johnson for a timely conversation about how cybersecurity, trust and patient safety intersect in today’s healthcare environment.
The discussion explored why cybersecurity in healthcare goes beyond technology—and why protecting data ultimately means protecting people. Rob shared how CareFirst approaches cybersecurity in an increasingly complex, interconnected digital ecosystem while staying focused on the needs of members and patients.
From the outset, Rob emphasized that cybersecurity is a human responsibility, not just a technical one.
“Under the layers of technology, there is a human element to everything we do in cybersecurity. There's a moral responsibility that guides decisions. It's not just about protecting systems—it's about protecting people. In healthcare cybersecurity, it is inseparable from patient safety and digital integrity.”
This perspective framed the broader conversation around trust—how it’s built, how it’s protected and why it matters most when patients rely on essential healthcare services.
Rob also highlighted the critical connection between cybersecurity, privacy and patient safety. As he noted later in the episode, even the most secure technology can fall short if it undermines trust.
“We can have the most secure healthcare technology; however, if it undermines the privacy and safety of individuals, then it’s very likely that people won’t use that technology…privacy and patient safety are inseparable from security.”
This philosophy guides CareFirst’s secure‑by‑design approach and reinforces why the organization continues to invest in resilience, transparency and continuous improvement across its digital infrastructure.
Throughout the conversation, Rob and Ann discussed the realities of defending a broad healthcare landscape—from clinical systems and financial platforms to medical devices and third-party partners. Rob underscored the importance of fostering a strong security culture across the organization, ensuring teams understand that cyber resilience supports continuity of care, not just system uptime.
As the episode concluded, Rob expressed optimism about the future of healthcare cybersecurity. He pointed to growing collaboration across the industry and the responsible use of AI as key opportunities to strengthen defenses.
“When we incorporate AI into healthcare, new risks will emerge. It’s an investment to continually maintain, strengthen and evolve that technology so we can keep driving real value for patients.”
For CareFirst, that forward-looking mindset reflects a longstanding commitment to protecting members, earning trust and ensuring safe, reliable access to care. Cybersecurity remains foundational to who we are—and to the work we do every day to build resilience and safeguard the communities we serve as healthcare continues to evolve.
Listen to the full episode here.
To learn more about how CareFirst is transforming the healthcare experience with and for those we serve, visit carefirst.com/transformation.