Cybersecurity Threats to Health Systems Getting More Aggressive: Experts

"Is Your Hospital Cyber-Safe?"

Health care organizations, with their vast reserves of highly sensitive data, are often prime targets for ransomware groups. Last year alone, there were 677 health care cyber-attacks, including a massive Ascension breach that resulted in at least six class action lawsuits.

To address a rising tide of cyber threats in the industry, Newsweek hosted the live webinar, “Is Your Hospital Cyber-Safe? How to Anticipate Unseen Threats,” on Thursday, April 10.

Newsweek Health Care Editor Alexis Kayser moderated the panel discussion. Participants included Theresa Lanowitz, chief evangelist at LevelBlue, formerly AT&T Cybersecurity; Trent Sanders, vice president for U.S. healthcare for Kyndryl; and Michael Adams, chief information security officer at Zoom.

During their opening remarks, the panelists recognized that while innovation is critical in the health care sector, it also increases risk and exposes large networks to cybersecurity attacks.

“We’re clearly seeing increasing sophistication, reach, efficacy of threat actors,” Adams said.

The chief information security officer at Zoom also said that while the labels for threat actors remain unchanged, their attacks continue to “become more and more—not just technological savvy—but aggressive.”

Using artificial intelligence as an example, Adams explained that while a lot of good can come from AI, it is also being leveraged by threat actors to expand the scope of cyberattacks.


To respond to the growing threats being posed by new technologies, Lanowitz urged health care organizations to create a formalized response plan to a cyberattack, noting that LevelBlue’s research has found that only 38 percent of health care organizations have one in place.

“You don’t want to be formulating your plan on the fly as you’re dealing with that breach. You want to make sure you’re prepared, and this is where it has to be driven from the top down,” she said. “The CEO has to make sure that the CTO, the CIO, the CISO are communicating and that they understand the goals and objectives of each one.”

Citing her company’s research that 72 percent of health care organizations don’t understand what cyber resilience is, Lanowitz said leaders may be hesitant to fund activities aimed at an organization’s entire IT estate if they don’t understand how those approaches boost their cybersecurity. She said that when cyber resilience is not prioritized, it can be difficult for organizations to get businesses back online.

“What you end up with is just an isolated cybersecurity team, working the best they can to make sure they’re able to do what they can with the protocols and with the controls that they have in place,” the LevelBlue chief evangelist said. “This lack of communication is something that’s really significantly impacting health care organizations.

“What we recommend is that there’s this cross-functional communication that occurs.”

For Sanders, the quickest and easiest way for health care organizations to step up their security is to identify and eliminate unnecessary enterprise equipment that can pose cybersecurity threats.

“Challenge your leaders to reduce systems in the environment, whether that be laptops, desktops, TC devices, et cetera,” the Kyndryl vice president said. “There’s simple information that you can gather that says, ‘No usage? Get rid of it.’”

Sanders added, “Every piece of equipment that you can get rid of just is one additional checkmark on reducing the attack surface.”
