How Cloud Security Risks Grow With Home-Based Care

Governance & Risk Management , Identity & Access Management , Identity Security How Cloud Security Risks Grow With Home-Based Care Anahi Santiago of ChristianaCare on Challenges in Multi-Cloud and AI Environments Marianne Kolbasuk McGee (HealthInfoSec) • June 29, 2026     10 Minutes    Credit Eligible Get Permission Audio Player 00:00 00:00 Use Up/Down Arrow keys to increase or decrease volume. Anahi Santiago, CISO, ChristianaCare The rapid growth of hospital-at-home programs and home-based care has expanded healthcare organizations' cloud security responsibilities. Patient data increasingly moves beyond traditional hospital environments, creating new protection challenges across public, private and software-as-a-service platforms, said Anahi Santiago, CISO at ChristianaCare. As healthcare delivery evolves, security teams must secure larger volumes of sensitive information while managing increasingly complex cloud ecosystems, she said during an interview with ISMG at the recent HealthSec conference in Boston. "Because the care is taking place outside the four walls of the hospital, the data that is needed in order to care for those patients has to go up to the cloud, and so we're seeing just an exponential increase in what we have to protect and how we have to protect it," she said. Healthcare organizations in the meantime also continue to face challenges with cloud vendors that misunderstand the shared responsibility model, she said. Many providers still rely on cloud service provider attestations instead of validating their own software-layer security controls. "Although a lot of the providers are getting better at understanding that shared responsibility model, we're still finding that we have to educate and contractually require those vendors to get aligned with the model." In this audio interview with ISMG (see link about photo), Santiago also discussed: Top identity and access management challenges involving cloud environments in healthcare; The need for more agile vulnerability management programs as powerful artificial intelligence tools such as Anthropic's Claude Mythos evolve; Why healthcare organizations must strengthen their cybersecurity fundamentals by adopting recognized frameworks such as the National Institute of Standards and Technology's cybersecurity framework and the U.S. Department of Health and Human Services' cybersecurity performance goals. As CISO of ChristianaCare, Santiago has overall responsibility for the organization's cybersecurity and assurance program. She is also a contributor and member of several local, state and federal cybersecurity organizations, including the Healthcare Sector Coordinating Council's Cybersecurity Working Group, the Delaware Healthcare Cybersecurity Alliance and the Philadelphia’s Women and Cybersecurity group. Prior to ChristianaCare, Santiago spent over 10 years as the information security and privacy officer at Einstein Healthcare Network.