
Impact of the Russian Invasion of Ukraine

The Russian military invasion of Ukraine has unified the free world against acts of aggression by dictators and autocrats who threaten the territorial integrity of their neighbors. 

After years of bullying, threats and intimidation by Putin and the Kremlin against what it regards as one of its vassal states, Russian troops were ordered across the Ukrainian border on Thursday February 24th, 2022. This resulted in almost immediate global financial and trade sanctions by the West and the isolation of the Russian economy. This included a closure of the skies to Russian airlines and other aircraft across Europe, Canada and America, the freezing of Russian state and oligarch assets all around the world, and the sequester of many Russian oligarch assets including some multi-million dollar luxury yachts. It also included agreement to supply defensive weapons to Ukrainian forces from NATO countries and as far away as Australia.

But concerns have risen sharply that such tacit support of Ukraine against Russia could result in cyber attacks against the West, and in particular the United States, by Russia's considerable arsenal of GRU and FSB cyber weapons, or the letting loose of Russian organized crime syndicates to launch their own cyber attacks.

In the light of such concerns, University of Denver University College faculty leaders agreed to come together this evening to examine the impact of the Russian invasion of Ukraine. They were joined by other Colorado academics from Colorado State University and the University of Colorado.

Join moderator Arianna Nowakowski and panelists Jack Buffington, Eric Fattor, and Richard Staynings as they adeptly navigate complex topics pertaining to the short-term and long-term consequences on security, supply chain, media, and globalization.





Challenges for 21st Century Healthcare

Healthcare currently faces many unique challenges. It is an industry currently undergoing the most dramatic transformation in its history. Covid-19 ravaged hospital finances and forced providers to pivot from lucrative consults and elective surgeries to pandemic emergency care. This in turn led to the need for another (long overdue) pivot towards telehealth, telemedicine and remote health services as patients were told to avoid hospitals. And of course, this all happened during an industry-wide move towards digital transformation, interoperability, a massive growth in the number of medical and other healthcare IoT devices, and enhanced adoption and deployment of artificial intelligence across the industry, each bringing its own unique security challenges.

As if these transformational challenges were not enough, healthcare is also one of 16 US Critical Infrastructure Sectors under PPD-21, and therefore a potential target of nation-state cyber-warfare attacks against the United States. Given a long history of such attacks by the Russian GRU against other countries and a proclivity by the Kremlin to give carte blanche to Russian Mafia proxies engaged in cybercrime, risks are high that an imminent attack could be launched against US healthcare.

A cyberattack against healthcare is not just an act of cyber extortion or cyber warfare; it risks the lives and safety of patients. When HIT and HIoT systems are not available because of a cyberattack, patient morbidity and mortality rates increase, just as they did under the North Korean 'WannaCry' or Russian GRU 'NotPetya' attacks of 2017.

In 2022, the ability of hospitals and other providers to withstand a devastating ransomware or other cyberattack has improved, but providers are in no way impregnable. The industry lacks the material and people resources necessary to mount a full defense. It is therefore vulnerable and in need of supplementary security services, which are perhaps best provided by managed security services providers (MSSPs) and others with deep security domain expertise.

Clinical, technological and security resourcing across healthcare has been stretched to the limit, exacerbated by clinicians leaving the industry en masse and a global shortage of cybersecurity professionals in which healthcare has found it increasingly hard to compete for scarce resources. There has also been a skills mismatch as re-skilling of staff has not kept up with the adoption and implementation of new technologies.

Given the growing challenges of securing healthcare and keeping patients safe, I challenged four leading technology and security executives with these problems at the recent Denver Managed Security Services Forum. Hear their thoughts in the video recording below.



Panelists:

Mike Archuleta, Chief Information Officer, Mt San Rafael Hospital
Kevin Coston, Sr. Technical Security Specialist Healthcare, Microsoft
Randall Frietzsche, Enterprise Chief Information Security Officer, Denver Health
Howard Haile, Chief Information Security Officer, SCL Health

Moderator:

Richard Staynings, Chief Security Strategist, Cylera





Converging Paths



Patient safety has always been a major concern for healthcare providers but never before has it been so inextricably linked with cybersecurity. This is a subject I have blogged about, lectured to students of healthcare and cybersecurity, and spoken about to audiences of senior healthcare leaders at conferences and summits all over the world.

It's a convergence that we all need to become familiar with as enterprise risks change across the industry and the threats to the business evolve as we increasingly digitize.

Today, I had the pleasure of sharing this message with the HIMSS Cybersecurity Community, a community of healthcare leaders, technologists and security professionals that do their best to make sure that your non-public information remains confidential, integral and available, and that the IT systems employed to diagnose, treat, and monitor you as a patient do not become compromised by nefarious nation states or cyber criminal actors. The HIMSS Security Community does a great job of sharing information across thousands of providers globally, to help leaders protect their patients and their patient data.

We all know that the global healthcare industry has problems and needs all the help it can get at a time of aging populations, static budgets and increased cyber risk. What compounds these concerns is a long history of underfunding for the day-to-day security of hospitals and clinics, and the longer-term maintenance and replacement of end-of-life IT systems.

This is a subject that I will be addressing in more detail with Jason Hawley, CIO and CISO at Yuma District Hospital at the HIMSS Annual Conference this year in Orlando on Monday February 11th. If you are planning to attend HIMSS19, please come along to the Security Forum and join us as we dig deeper into this subject.

For those able to attend my webinar today, many thanks and it was great to address many of your questions. For those unable to attend I have posted a link to the WebEx recording and to my presentation slides below.




Webinar Recording

Presentation