AI & Automation in Healthcare Security

An increasing reliance upon healthcare IT and IoT including thousands of medical devices and wearables to deliver health services is changing the balance of risk across the industry

There was a fine balance between health technology services, risk and security before 2020. Some would say that this balance was nothing of the sort and that the entire healthcare life sciences industry has been accepting far too many cybersecurity risks for far too long, as exemplified by all the ransomware attacks against hospitals going back 5 or more years, or by the massive theft by a nation-state of Anthem's entire health insurance customer database in 2015. Most pharmaceutical and clinical research organizations have also been targeted by cyber attack and intellectual property theft for at least a decade, and most recently by a number of nation-states all in search of data on COVID-19 cures. No matter how you view the evidence, the healthcare industry, out-gunned and out-manned, has not fared well against a well-funded and highly motivated cadre of cyber thieves and extortionists.

Now enter COVID-19 this year and the massive digital transformation forced upon HDOs in order to spin up telehealth and telemedicine plans to diagnose and treat patients from their homes rather than on-prem, and at the same time support a non-clinical workforce all working remotely from home.

The threat surface more than doubled overnight and risks exploded, all at a time when healthcare CEOs were focused upon pandemic disease management, treating COVID patients, and keeping HDOs financially afloat without their lucrative elective procedures, a throwback and lasting legacy of the "pay per service" model of US healthcare.

With furloughs of IT and in some cases security staff too, in order to stop the hemorrhaging, HDOs suddenly became massively at risk of cyber-attack at precisely the worst possible time. Perpetrators quickly recognized their opportunity and the cyber attacks of 2020 bear witness to the perfect storm impacting healthcare today.

With a steady stream of new technologies to support telehealth, and the replacement of nursing staff with medical devices to monitor and manage patients remotely as far as possible, how are hospital security leaders possibly going to protect healthcare IT and IoT systems from attack and keep patients safe?

With limited budgets and security headcount (or the availability of additional security resources), automation and increased use of artificial intelligence are a CISO's only recourse. This was the subject of my panel discussion recently at the Denver AI & Automation Security Forum where I was privileged to moderate a panel of experts in the field including:

  • Dr. Benoit Desjardins, M.D., Ph.D., Associate Professor of Radiology and Medicine at the University of Pennsylvania
  • Michael Archuleta, CIO at Mount San Rafael Hospital
  • Powell Hamilton, CISO at Centura Health
  • Esmond Kane, CISO at Steward Health
  • Joe Searcy, CSO at Elemental Health


Watch the 30-minute video to hear what each of these experts had to say.



 

What Keeps Healthcare Security Leaders up at Night?


In these trying times of COVID-19, the cancellation of elective procedures and the general population "avoiding the Doctor's Office like the Plague", it's no wonder that hospitals and other HDOs are furloughing staff and tightening their belts. But what does this mean for hospital cybersecurity programs?

The impact of COVID-19 on the healthcare industry has perhaps been even more dramatic than on the transportation and tourism industry, with airlines and hotels going bankrupt all over the world. Both industries have suffered a massive downturn in their traditional business and both have had to quickly pivot to the new reality of conducting business during a global pandemic. But unlike travel and tourism, healthcare has been at the forefront of treating those infected with SARS-CoV-2 and dealing with massive levels of disease control, while minimizing those on-site.

At the same time the delivery model for healthcare has drastically changed from one of principally elective procedures and screenings to a model where 90% of business, outside of ICU services for COVID-19 patients, is now conducted remotely via telehealth. In fact, healthcare is widely considered to have undergone the greatest single digital transformation of all time and all within the space of a few weeks, while most IT and security staff were forced to work off-site.

We are condemned to live in interesting times


Cyber-criminals know this too and have plied their craft without let-up since early March with a proliferation of spear phishing campaigns targeting often overworked healthcare staff, many of whom are now working alone from home.

But these are far from the only challenges facing the industry and those whose job it is to secure the systems, data and patient safety so vital to the delivery of healthcare services. Hear from four leaders in the healthcare security and technology space as they discuss the issues facing the sector and offer up some options and effective approaches:

  • Richard Staynings, Chief Security Strategist at Cylera 
  • Christian AbouJaoude, CTO at USC Keck School of Medicine
  • Esmond Kane, CISO at Steward Health 
  • Brett Cattell, Director of Systems at Robin Healthcare