Who'd want to be a CISO?

Challenging job, but increasingly well paid

Cyber Risk Insurance Won't Save Your Reputation

Be careful what you purchase and for what reason

Security and the Board Need to Speak the Same Language

How security leaders speak to thier C-Suite and Board can make all the difference

Australian Cybersecurity Outlook

Aussie healthcare scrambles to catch up

The Changing Face of the Security Leader

The role is changing, but what does the future hold?

Just keeping its head above water

New Zealand Healthcare steams forward with minimal security

Medical Tourism - Growing in Popularity

Safe, fun, and much, MUCH more cost-effecitive

Cyberespionage, and the Need for Norms

Harvard Political Review (external link)

How Concerned Should we be about a Russian State Cyberattack against the US?


Russia’s invasion of Ukraine appears to be bogged down if the reports coming out of the country are to be believed. Indeed troops around Kyiv are currently reported to be withdrawing back to Belarus to regroup and re-arm. The surgical Blitzkrieg to take over the country and replace its elected leaders with Putin-friendly surrogates has failed, and now Russia has been forced to re-evaluate its military objectives and to focus on liberating Donbas and Luhansk from Ukraine and the Ukrainian people who live there. The area is one of many across the former Soviet Union seeded by Stalin with Russian diaspora after annihilating much of the indigenous population in one of many genocidal purges of opponents. In this case, it was a mass purge of Ukrainians.
 
Indeed the Holodomor (Ukrainian: Голодомо́р) in which 4 million Ukrainians were purposely starved to death by Stalin between 1932 and 1933 in order to suppress Ukrainian desires for independence, is perhaps one of the reasons why Ukraine has been so vociferous in its defense against Russian invasion.
 

An Invasion Falling Apart

But as casualties mount, and in particular the deaths of a large number of Russian General Officers, Putin’s hold over the military and therefore political power, looks to be increasingly tenuous. Reports in the media of tanks being driven over commanding officers by unhappy starving soldiers who were misled and lied to by their leadership, poorly trained and led troops shooting unarmed civilians indiscriminately, and a growing realization by Russian troops that they are pawns in an illegitimate conflict with neighbors most of whom speak their own language, is drawing into question the abilities of the Russian military and its leadership.
 
As the Russian body bag count continues to rise and a growing number of funerals are announced back home in Russia of all kinds of senior military officers, so the public will increasingly be aware of the costs of Putin’s folly. The closure of most foreign stores, the inability to fly anywhere as planes are grounded, and a Ruble which has structurally lost 40% of its value since February will be sure to reinforce concerns that Putin is engaged in a conflict much bigger than he has led on.

 

But military power is not all that Putin can muster in his battle with the west. As President, Putin has at his disposal the considerable state cyber forces of the Russian FSB and GRU. These are groups with no shortage of highly destructive cyber weapons, many of which have been used against Ukraine since 2015, and some of which date to the cyber-attacks against Georgia, Estonia, Azerbaijan, and Chechnya,  all the way back to the 1990s. 
 
Putin also has access to the considerable forces of Russian organized cybercrime in return for historically turning a blind eye to their lucrative criminal activities. Indeed, some investigators have concluded an even tighter more collaborative relationship between the Russian President and mob bosses. Putin in other words, has many options open to him for direct and indirect cyber-attacks, though few would believe any claims in current times that Russian organized crime totally operates outside of the influence of Putin and the Kremlin.
 

Russia and Cyberwarfare

The west has in fact been in an ongoing cyberwar with Russia since the turn of the millennium when Russian gangs realized that they could operate their craft of cyber theft and extortion with total impunity from within the bounds of the Russian Federation. Putin and the almost ineffective forces of Russian law enforcement simply turned a blind eye to the gangs and their activities. Perhaps the reported back-handers to police officers helped. Perhaps the sheer power of these gangs was enough to intimidate law enforcement officers. Either way, the illicit foreign exchange inflows of untraceable cryptocurrency continues to boost the struggling Russian economy.

 

The connection between Russian organized crime syndicates and the Kremlin in recent months looks to be a lot less deniable, with evidence suggesting that crime gangs are acting on instruction from the Kremlin and perhaps maybe receiving payment for the acquisition of intelligence gained in their attacks. Take for example the SolarWinds Orion attack, which was attributed to ‘Nobelium’, a group reportedly being directed by the Russian intelligence to infiltrate US federal agencies, while another Russian cybercrime group, ‘DarkSide’, was busy at the exact same time with a high profile and distracting ransomware attack against the Colonial Pipeline cutting off fuel supplies to the southeast of the entire United States.
 

Is Putin likely to respond to increasing western military support of Ukraine?

So far at least, Putin appears to have held back his arsenal of cyber weapons. Supposition is that Putin is concerned that any massive cyber-attack against the west would be sure to result in a powerful response from the west against Russian critical infrastructure including the power grid. It would then be almost impossible for Putin to continue to dupe the Russian people with propaganda stories of an almost insignificant special military operation to rid Ukraine of Nazis. The cat would be out of the bag regardless of whether conscript bodies are returned to their mothers or not, and Putin would be facing enemies from within as well as abroad. It was the unpopularity of the wars in Georgia and Chechnya back home that forced a Russian withdrawal, and the unpopularity of the war in Afghanistan that eventually bankrupted and lead to the collapse of the Soviet Union before it.
 
Indeed, this is perhaps what Putin fears most – a popular uprising against his rule by the very lumpenproletariat he claims to represent. So far however, the Kremlin propaganda machine still appears to be working well and Putin can claim wide-scale popular support at home from the babushkas that believe everything they are told by the state media outlets.

 

While Russia may have some devastating cyber weapons up its sleeve, the NSA is widely regarded to have bigger more devastating cyber weaponry in is arsenal. These include weapons able to effectively take Russia back to the nineteenth century and presumably include the capability to turn off Russia’s power grid, its water, oil, and gas systems, its flight control systems, transportation, and a heap of other critical infrastructure. This would deny Russians, and the Russian war machine with the ability to operate at anything other than at minimal levels and could wreak havoc on military resupply and other logistics.
 
The NSA is not alone however, other Five Eyes nations are thought to have comparable cyber capabilities and would no doubt respond as a group if attacked by Russia. The EU is thought to also have some offensive cyber capabilities, while Israel, less involved in the support of Ukraine against Russian invasion, would likely join in to support the USA and its other allies, despite its current free pass from Russia to attack Hezbollah terrorists operating inside Syria in return for staying neutral. Israel is thought to have some very nasty tricks up its sleeves and based upon its past performance, is less inclined to hold back if ever attacked.
 
So with cyber armies lined up against each other, perhaps we have reached the modern day equivalent of Mutually Assured Destruction (MAD). This was a principle that ensured the global peace between totalitarian east and liberal democratic west, around the use of nuclear weapons from the late nineteen forties to the present day. Given the impact to all of us of an all-out cyberwar between Russia and the west, let’s hope that MAD will keep the cyber weapons firmly locked up.

 

Can Healthcare Tackle IoT, Medical Device Security Challenges?

Join SCMedia Editor Jessica Davis and Cylera's Chief Security Strategist Richard Staynings for a FireSide Chat at VIVE2022 -  the new CHIME / HLTH conference in Miami Beach FL, as they explore the challenges of medical device security.




Could Russia orchestrate cyberattacks against the west?

As concerns rise about the likelihood of increased cyberattacks against the west by Russian cyber forces, so the west is attempting to ready itself. Both the UK and US governments have this week issued warnings to citizens of the rising threats of an attack and urged increased diligence.

Many consider a cyber attack almost inevitable given continuing western military support for Ukrainian defense, a growing army of hackers joining forces with Anonymous that have very successfully and daringly taken down or defaced critical Russian web sites including that of the Kremlin, and a proclivity by Putin to use grey or hybrid warfare against those who dare to challenge his supreme authority.

So far however, all we have seen is the usual ransomware and other criminal cyber-extortion activities of Russia's extensive criminal underworld of organized crime syndicates. A proxy army in waiting that Putin can rely upon to act on his instructions, and one that he can claim any involvement with and plausible deniability when their activities are discovered.

Indeed, Putin is now a master of subterfuge being trained by the Soviet KGB in the art of spy craft and disinformation. Putin has very conveniently turned a blind eye to the criminal activities of Russia's organized crime syndicates for many decades, in part because of their usefulness and in part perhaps because of the reported illicit financial and other support Putin receives from these groups.

But should the west be worried and what steps should westerners take to shore up their own cyber defenses? These are questions that were posed by Stephen and Ellie on the UK's GB News Breakfast show this morning.




Impact of the Russian Invasion of Ukraine

The Russian military invasion of Ukraine has unified the free world against acts of aggression by dictators and autocrats who threaten the territorial integrity of their neighbors. 

After years of bullying, threats and intimidation by Putin and Kremlin against what it regards as one of its vassal states, Russian troops were ordered across the Ukrainian border on Thursday February 24th, 2022. This resulted in almost immediate global financial and trade sanctions by the west and the isolation of the Russian economy. This included a closure of the skies to Russian airlines and other aircraft across Europe, Canada and America and the freezing of Russian state and Oligarch assets all around the world and the sequester of many Russian Oligarch assets including some multi-million dollar luxury yachts. It also included agreement to supply defensive weapons to Ukrainian forces from NATO countries and as far away as Australia.

But concerns have risen sharply that such tacit support of Ukraine against Russia could result in cyber attacks against the west and in particular the United States by Russia's considerable arsenal of GRU and FSB cyber weapons, or the letting lose of Russian organized crime syndicates to launch their own cyber attacks.

In the light of such concerns, University of Denver University, College faculty leaders agreed to come together this evening to examine the impact of the Russian invasion of Ukraine. They were joined by other Colorado academics from Colorado State University and the University of Colorado. 

Join moderator Arianna Nowakowski and panelists Jack Buffington, Eric Fattor, and Richard Staynings as they adeptly navigate complex topics pertaining to the short-term and long-term consequences on security, supply chain, media, and globalization.





Cotswold Radio - The need to secure healthcare IoT


Securing Healthcare and the growing complexity of interoperable health IT / IoT systems and medical devices. Richard Staynings discusses this with James Cunningham, CEO of Core To Cloud, based in Cirencester, Engalnd, and Tony Dale host of the evening Cotswolds Radio broadcast.

Listen to a recording of the live broadcast below:




 

Russia ready to launch cyber attacks on the West in retaliation for economic sanctions

Western governments and companies need to be on a “heightened state of preparedness” for the “high probability” of cyber attacks, as economic sanctions on Russia begin to bite, a senior cyber security expert has told GB News. And it is expected Russia will soon step up its campaign against the West with cyber attacks.

Critical national infrastructure and the banking sector could be the main targets of any attack ordered by Vladimir Putin, according to Richard Staynings, chief security strategist at cyber security firm, Cylera.

He said: “I would say there's a fairly high probability, based upon the types of hybrid warfare that Putin and the Kremlin have executed in the past, that cyber attacks will be launched in this conflict.

“In Chechnya in the 90s, Russia launched its cyber weapons against opposing forces. We've seen it in Georgia and South Ossetia. We've seen it in other parts of the World, where Russia has wanted to extend its influence and to coerce and to bully its neighbours or adversaries.

“I think it's a weapon that's being held in reserve right now, but we certainly need to be on a heightened level of preparedness.

“That means we need to make sure that systems are patched. We need to make sure that we've got adequate cyber defences in place to protect our businesses, our schools and universities, our hospitals our power and oil systems and other critical infrastructure across the country.”

Experts warn although the threat from cyber warfare can seem quite abstract, it has potential real world consequences.

Recent attacks on the health service caused significant disruption. The multiple computerised systems within the West’s aviation sector are also vulnerable to attack.
Cyber security teams are already on high alert. Executives at some of the West’s leading banks and financial institutions have expressed their concern about the possibility of Russian attacks on the banking system in retaliation for being kicked out of the Swift international payments system.

Apart from an attack on some of Ukraine’s critical systems in the initial stages of the invasion, there has been no concerted effort by Russia to attack Western infrastructure in recent weeks, according to security sources.

The leadership in Moscow knows that any cyber attack on the West will be met with a significant response from Western Governments, whose offensive cyber capabilities have been significantly enhanced in recent years.

But if Vladimir Putin decides to give the go ahead for technological attacks, he can also utilise a network of organised criminal gangs to hep him out, according to Professor Ciaran Martin, from the University of Oxford.

Professor Martin, who is the former head of the the UK’s National Cyber Security Centre, said that any Russian cyber attack would come on multiple fronts.

“As well as being one of the most formidable cyber powers in terms of government capabilities, Russia also has the largest concentration by far of serious organised cyber criminals on the planet.” He said.

“In 2021, we saw those criminals disrupt petrol supplies in America, healthcare in Ireland, schools in England, food retail in Sweden, the list goes on.

None of that individually is catastrophic. But if the Russian state were to unleash its ransomware capabilities, its cyber criminal capabilities, while not catastrophic, that could get pretty unpleasant.

Although the West’s computer systems are better protected these days, there are still inherent weaknesses and vulnerabilities that adversaries could seek to exploit, according to Richard Staynings.

“There are certainly still weaknesses in the system.” He said.

“Much has been done to shore up a lot of the critical infrastructure across the UK, particularly the NHS since the WannaCry ransomware attack in 2017.

“A lot of older systems have been replaced and we have new regulations that are forcing NHS trusts and NHS digital to move forward in that space.

“The data security protection tool-kit for example is driving enhancements around IOT medical devices which are inherently vulnerable in our health system today and that is forcing health systems to improve their capabilities.

“But there are still gaps in the fabric, there are still chinks in the armour that we need to be aware exist and we need to take precautions in order to ensure that perpetrators can't get through that armour.”

For now, as Russia concentrates on conventional warfare, it is already fighting off multiple attacks from Western computer hackers, who have turned away from their traditional targets of big business and governments at home, focussing their disruptive talents on Moscow instead.

 

Reproduced from GB News. Original post 18 March 2022. https://www.gbnews.uk/news/russia-ready-to-launch-cyber-attacks-on-the-west-in-retaliation-for-economic-sanctions/250614


Ditial Health Rewired - Smart Health In Practice


Digital Health Rewired was full of highly informative presentations and discussions across many areas of healthcare, but perhaps most forward thinking were 2 days of sessions under the banner of Smart Health in Practice at the Smart Health Stage at the front of the show.

I was proud the share the stage with 4 'greats' in the space of smart health innovation: Declan Hadley UK&I Lead for Cisco, Andy Callow, CDIO at University Hospitals of Northamptonshire, Stephen Dobson, CIO at Lancashire Teaching Hospitals, and Matt Dugdale, Head of Clinical & Digital Innovation, North West Ambulance Service NHS Trust. 

Our discussions focused around a presentation provided by Matt on how the North West Ambulance Service team has transformed its ambulances and offices to become 'Smart' using new smart technology to improve efficiency and the patient experience at the same time. 

Smart hospitals are just one of many changes occurring across NHS trusts, as discrete HIT and HIoT digital systems are integrated and made interoperable by advanced new technology from Cisco, Cylera and others. But as these changes are implemented, we run the risk of gap being created between functional IT and secure IT unless cybersecurity is included from the outset. With a growing number of systems and discrete devices now 'connected' to hospital networks, patient safety and cybersecurity have become major areas of concern.

With warnings by the government to batten down the hatches across critical infrastructure industries like healthcare in the light of rising threat of cyber attack from Russia, keeping patients safe and health IT / IoT systems up and running will be a major challenge if we are to avoid another WannaCry.


My thanks also to a great audience which continued to ask questions off-stage well after our allotted time had gone and almost into the next session.

 

Should we be worried about state-sponsored cyber-attacks against hospitals?

Absolutely we should!


For the past decade and a half, the criminal underworld, Russian Mafia and other organized crime syndicates in the former Soviet Union have provided a constant reminder of both the fallibility of modern IT systems and the tenacious expertise of Russian hackers and their cyber-criminal community. In what now seems like background white noise, these highly organized perpetrators have executed a near constant campaign of cybertheft, cyber-extortion, and denial of service attacks. 

Attacks have included a long list of crippling ransomware campaigns that have disabled almost the entirety of national health systems like the Irish HSE and Irish Health System, to the near bankrupting of several large private US health systems, to causing small medical and dental practices to have to close up shop, all in the past year.  This has denied critical medical services to thousands of patients and contributed to increases in patient morbidity and mortality. Yes, Russian cyber criminals have killed innocent people, perhaps not directly or intentionally, but nevertheless their greed and lack of ethical restraint has caused great pain and suffering to thousands. But, the capabilities of these gangs pales into insignificance when compared to the resources and capabilities of nation states.

WannaCry which in 2017 crippled much of UK NHS as well as other providers of health services around the word was a (flawed) cyber weapon created by the DPRK to raise hard currency following international sanctions on Kim Jong Un’s autocratic hermit kingdom. The DPRK’s subsequent cyber weapons have been much less flawed, and have drained many cryptocurrency exchanges and large sums from the Bank of Bangladesh among a long list of other victims. With the exception of its attack against Sony Pictures, Lazarus Group and other DPRK cyber forces operate very similarly to any other criminal enterprise raising cash for the Kim family’s lavish living and to purchase rocket fuel for his pet ICBM and nuclear weapons programs.

Not Petya, a highly destructive wiperware which initially masqueraded itself as a fake ransomware attack, hit the world right on the heels of WannaCry and was quickly attributed to the Russian government, specifically the Sandworm hacking group within the GRU Russian military intelligence organization. Initially designed to target the Ukrainian MeDoc tax accounting application in a software supply chain attack, it quickly spread worldwide to any company and country doing business in Ukraine and took down many of the world’s largest companies including shipping company Maersk, FedEx, pharmaceutical giant Merck, and French firm Saint-Gobain. Each of these organizations spent hundreds of millions of dollars to restore data and systems that NotPetya had encrypted beyond repair. Not Petya destroyed tens of thousands of computer systems and resulted in losses in excess of $10bn USD globally. Already a pariah, the Russian state after this devastating attribution, became synonymous with cybercrime and cyberwarfare across the international community. In a major home goal, NotPetya ended up also wiping a large number of computer systems in Russia for organizations that also conduct business with Ukraine
 
Step forward a few years to 2022 and Russia is up to its old tricks again. A few hours before Russian tanks began rolling into Ukraine, Microsoft raised the alarm warning of a never-before-seen piece of “wiper” malware that appeared aimed at the country’s government ministries and financial institutions. ESET Research Labs, a Slovakia-based cybersecurity company, said it too had discovered a new ‘wiper’ while security experts at Symantec’s threat intelligence team said the malware had affected Ukrainian government contractors in Latvia and Lithuania and a financial institution in Ukraine. ESET has called the malware which renders computers inoperable by disabling rebooting, HermeticWiper, while Microsoft has named it'd discovery FoxBlade.

The trouble with any kind of cyber weapons, no matter how targeted they are, is that these weapons do not recognize national boundaries (just as Putin didn’t recognize Ukraine’s) and so are bound to get out into the global community of interconnected IT systems. Fortunately, and so far at least, the HermeticWiper malware does not appear to be self-propagating, whereas NotPetya was deliberately designed to spread laterally and stealthily. There are no doubt many other offensive cyber weapons being deployed against Ukraine and its allies this week as Putin escalates his attack.

But the real danger is not just in the powerful nation state weapons, but with the semi-professional hackers and organized crime syndicates. Russia has the world’s largest non-state criminal cyber infrastructure employing tens of thousands who are engaged full time in cybercrime, cybertheft, and cyber-extortion. Putin for various reasons has turned a blind eye to their criminal activities for decades allowing these groups to grow and prosper. These criminals are already using the smokescreen of conflict in Ukraine to launch fresh ransomware attacks against the west, and evidence suggests that Putin has recently instructed them to go all-out to help Mother Russia. Putin has organized a personal crusade of military kinetic and cyber offensive capabilities and paired this with an extensive criminal underground in an attempt to overwhelm the west.

On the other side, the call has gone out for Ukrainian cyber gangs to launch an all-out offensive against the institutions of the Russian Federation, and they have been joined by Anonymous and many other international hacktivists. If we are to believe the reports coming out of Russia, then many of the Kremlin’s public systems have been taken down by cyber-attacks. This tit-for-tat action risks serious escalation, and Russia which is widely acclaimed to have invented the concept of cyber-warfare during its two brutal wars against Chechen separatists, is sure to have some very powerful, very devastating cyber weapons in its war chest. Of course so too does the USA, UK, and many other countries. These weapons if ever launched would wreak devastation akin to a nuclear war and wipe out just about anything electronic. Given our reliance upon IT systems today, especially in hospitals this would not end well for patients, resulting in a significant rise in patient morbidity and mortality. The trouble for the west is, that these cyber weapons would cause far greater damage to advanced western institutions than to former Soviet ones in Russia, Belarus, Kazakhstan, and Chechnya supporting Putin where computerization is less prevelent.

We should be taking every precaution to patch all systems, ensuring the legitimacy of patches by examining hash values before deploying, by enforcing multi-factor authentication for all users, and by disconnecting and isolating systems which cannot be properly secured. Staff should be briefed on the need for heightened awareness and told to take extra precautions in their day-to-day activities. 
 
But first however, we need to fully understand what is connected to our networks and who is accessing our systems. In this day and age of heightened threats, we need to understand what is 'normal' so that abnormal or 'anomalous behavior' can be flagged and quickly isolated. The inconvenience of kicking a user off of a system and inconveniencing them, should be far less of a concern than the safety of a patient on life support being kept alive by a collection of connected medical devices.


Podcast: A Career in Cybersecurity

What is 'Cybersecurity', why is it so important today, and why do developed western societies need better cyber protection? Join Denver University Adjunct Professor and Chief Security Strategist for Cylera, Richard Staynings, as he describes the risks, rewards and opportunities for those seeking a career in this rapidly growing field.






Pueblo Community College Cybersecurity Lecture

 

It was great to present to the students and faculty of Pueblo Community College in southern Colorado this past week. The opportunities for those entering the profession from ICT cybersecurity and Healthcare programs like those at PCC are tremendous. My thanks to the faculty for organizing such a great event and to Mike Archuleta, CIO at nearby Mt San Rafael Hospital and fellow Health Informatics and Cybersecurity Luminary who also presented to students.



Challenges for 21st Century Healthcare

Healthcare currently faces many unique challenges. It is an industry currently undergoing the most dramatic transformation in its history. Covid-19 ravaged hospital finances and forced providers to pivot from lucrative consults and elective surgeries to pandemic emergency care. This in turn led to the need for another (long overdue) pivot towards telehealth, telemedicine and remote health services as patients were told to avoid hospitals. And of course, this all happened during an industry-wide move towards digital transformation, interoperability, a massive growth in the number of medical and other healthcare IoT devices, and enhanced adoption and deployment of artificial intelligence across the industry, each bringing its own unique security challenges.

As if these transformational challenges were not enough, healthcare is also one of 16 US Critical Infrastructure Sectors under PPD-21, and therefore a potential target of nation-state cyber-warfare attacks against the United States. Given a long history of such attacks by the Russian GRU against other countries and a proclivity by the Kremlin to give carte blanch to Russian Mafia proxies engaged in cybercrime, risks are high that an imminent attack could be launched against US healthcare.

A cyberattack against healthcare is not just an act of cyber extortion or cyber warfare, it risks the lives and safety of patients. When HIT and HIoT systems are not available because of cyberattack, patient morbidity and mortality rates increase, just as they did under the North Korean 'Wannacry' or Russian GRU 'Not Petya' attacks of 2017.

In 2022, the ability of hospitals and other providers to withstand a devastating ransomware or other cyberattack has improved, but providers are in no way impregnable. The industry lacks the material and people resources necessary to mount a full defense. It is therefore vulnerable and in need of supplementary security services. Services that are perhaps best addressed by managed security services providers (MSSPs) and others with deep security domain expertise.

Clinical, technological and security resourcing across healthcare has been stretched to the limit exacerbated by clinicians leaving the industry en-masse and a global shortage of cybersecurity professionals in which healthcare has found it increasingly hard to compete for scarce resources. There has also been a skills mismatch as re-skilling of staff has not kept up with the adoption and implementation of new technologies. 

Given the growing challenges of securing healthcare and keeping patients safe, I challenged four leading technology and security executives with these problems at the recent Denver Managed Security Services Forum. Hear their thoughts in the video recording below.



Panelists:

Mike Archuleta, Chief Information Officer, Mt San Rafael Hospital
Kevin Coston, Sr. Technical Security Specialist Healthcare, Microsoft
Randall Frietzsche, Enterprise Chief Information Security Officer, Denver Health
Howard Haile, Chief Information Security Officer, SCL Health

Moderator:

Richard Staynings, Chief Security Strategist, Cylera





The New Reality of Securing Healthcare


Securing healthcare has never been either easy or straight forward given the patient safety dynamic of the industry, but after nearly two years of dealing with the global COVID pandemic, that challenge is now a whole lot harder.

COVID19 caused a massive an immediate pivot across healthcare as patients consults were forced to go online via telehealth and telemedicine. At the same time non-clinical healthcare workers were sent away from hospitals to work from home. Combined this resulted in a significantly changed threat surface that cyber perpetrators were quick to exploit and take advantage of with a succession of ransomware and other extortion attacks and by nation-state sponsored theft of COVID clinical research and vaccine drug formulations.

Since the pandemic there has been a 600% increase in cyber attacks against healthcare entities and many have been knocked off-line for multiple weeks trying to recover from attack. This has resulted in some critical healthcare services not being available to some areas of the country at a very critical time in public health safety. It has also been a very unwelcome distraction to those caring for COVID infected patients and others with non-COVID related diseases seeking treatment.

Despite evidence to the contrary in the latest Healthcare Innovation Survey, many significant healthcare cyberattacks, go unreported or are down-played by CEOs wishing to minimize reputational and financial damage to the organizations they are in charge of. Many are paid based upon on the value of stock or other financial KPIs so this is hardly surprising and its likely that many providers have yet to discover that they have, were, or are still being attacked given the stealthy nature of APT attacks.

Join Hussein Syed, CISO at RWJBarnabus Health, Mark Hagland, Editor-in-Chief at Healthcare Innovation, and Richard Staynings, Chief Security Strategist at Cylera, as three veterans of healthcare security discuss the new reality of securing this industry and keeping patients safe.



Securing Healthcare in a Post-Covid World

Plainly COVID has changed the paradigm of global healthcare delivery. The industry was forced to pivot quickly to a new and alarming reality and make changes that were necessary but largely unplanned. The pandemic brought about the greatest change to Healthcare technology and working practices ever seen outside of war.

COVID forced us to quickly provide new forms of remote delivery of healthcare services to our patients via telehealth, telemedicine and other remotely delivered services. It forced non-clinical healthcare staff out of dangerous hospitals to their homes where they could work remotely. But all these changes greatly altered the risk posture of healthcare providers and expanded the threat surface to likely attacks.

While diligent security teams have been reassessing risk and security, and slowly implementing new controls to protect against new threats and vulnerabilities, there is still a concerns of what might have been missed. 

Despite new controls, what do we need to consider to make sure that these COVID changes have not exposed our HIT / HIoT systems to elevated risks or more importantly, our patients to new safety concerns?

Cybersecurity has been a secondary consideration for hospital CEOs and their boards for decades, permeated only by minor inconvenient changes to regulations like HIPAA, Joint Commission and HITECH. But the reality is that the healthcare industry is now the target of attack by cyber criminals looking to monetize stolen PHI, PII and research IP, or to hold providers of health services to ransom. 

Plainly, this places consumers of health services at increased risk of patient morbidity and mortality. Patient safety and cybersecurity are now the same thing, interchangeable terms to describe risks to providers and consumers of health services. Yet the reality has not fully sunken in for many. There is a higher chance of you as a patient (and we are all patients at some point in our lives) being negatively impacted by a cyberattack than at any time before. Its no longer a question of convenience, cyber attacks are a question of patient safety.

Listen the the following 38 minute Fireside Chat with Janette Wider, Managing Editor of Healthcare Innovation as Richard and Janette explore the new reality of securing healthcare in a post-pandemic world.

 

 

 

Securing Patient Data, Ensuring Privacy, and Building Trust

With thousands of new medical devices and healthcare applications being designed and developed each year it's no wonder that hospitals have such a hard time securing them against cyber attack. 

With new innovative technologies that improve patient care and clinical outcomes there are many costs and concerns. Integration with other HIT and HIoT systems to accomplish true interoperability becomes increasingly difficult with legacy undocumented systems. 

There are also sometimes risks that need to be considered, and in today's environment of near constant cyber attack against healthcare providers and other critical infrastructure industries. Often these attacks are launched by powerful and well equipped belligerent nation states and organised crime syndicates that operate with apparent impunity from behind the iron curtain.  

But if only new HIT and HIoT systems were designed with security from the outset perhaps securing these technologies would be less difficult. This was the basis of discussion at a recent MedHealth Matchmaking Mixer where HIT / HIoT innovators and manufacturers came together with technology and security experts in the health IT space.  

Follow the discussion in the video below:




The Challenge of Securing Healthcare

What are the biggest challenges facing healthcare security leaders today and how do leaders navigate the almost insurmountable obstacles placed in their way? 

How can we overcome a long list of clinical, financial, operational, and technology risks to secure patient safety and ensure greater operational resiliency for healthcare services?

Join me for an in-depth panel discussion on the challenges and opportunities that healthcare cybersecurity leaders are presented with today.

Speakers:

  • Esmond Kane, CISO Steward Health Care
  • Richard Staynings, Chief Security Strategist, Cylera and Teaching Professor, University of Denver University College
  • Michael Katz, Security Sales Specialist, Infloblox 
  • Moderated by Janette Wilder, Managing Editor, Healthcare Innovation

Panel hosted by Healthcare Innovation as part of the NorthEast Health IT Summit and Cybersecurity Forum.



The cybersecurity of our medical health devices

 

Left-right: Richard Staynings, Chief Security Strategist, Cylera; Jonathan Bagnall, Ph.D., Cybersecurity Global Market Leader, Philips; Andrew Pearce, Senior Digital Health Strategist, HIMSS Analytics (Moderator)

 

Healthcare is plainly a target of cyber criminal and offensive nation-state actors. Not a week goes by without at least one hospital or clinic somewhere being targeted by cyber extortionists or thieves. When COVID started to spread outside of China, university health systems, pharmaceutical companies, and biomedical labs were the target of state cyber actors, out to steal research and formulations into treatment programs, new drugs or vaccines.

Since the world partially shut down, hospitals and clinics have been the target of organized crime syndicates, plying their ransomware tools and other forms of extortion against overwhelmed and under-protected healthcare providers. This is as true for providers in Asia Pacific as it is in the Americas or Europe.

Healthcare was forced to pivot very quickly to remote services like telehealth and telemedicine for patient services, while non-clinical staff quickly found themselves working from home or on furlough, as hospitals scrambled to figure out how they were going to pay their bills, without the usual elective surgeries and other revenue-generating activities that forms the basis of a typical independent health provider's business model.

New technologies, in many cases rapidly implemented, without the usual security assessments and testing, exposed a highly distracted industry to risks. Risks that perpetrators quickly took advantage of and used to their advantage.

This is what we are beginning to describe as the 'Attackers Arbitrage'.

 

Read the Healthcare IT News article for more on this subject.

Watch the linked on-demand video of the subsequent panel discussion between Jonathan Bagnall, Cybersecurity Global Market Leader, with Philips Healthcare; Richard Staynings, Chief Security Strategist with Cylera; and Andrew Pearce, Senior Digital Health Strategist, Analytics, HIMSS



The ‘TRUE’ Cost of a Cyber Attack

It seems that every year the negative impact of a cyber attack reaches dizzying new levels – overlapping regulatory fines, restitution and identity / credit monitoring, punitive damages, and of course incident handling and clean-up costs for fixing what should have been fixed in the first place, had the organization understood the risks and not chosen to ignore them.

But it’s not just as simple as writing off some vast sum of operating profit and having to explain that loss to shareholders or governing boards. Longer term damage to reputation can take years to recover from – if at all. I know of many firms and individuals that will never do business again with an entity that lost their data and caused them so much pain. Do executives and their governing boards even consider the long-term costs of the loss of their reputation?

And what happens when someone dies as a result of a cyber-attack as happened recently at University Hospital Düsseldorf where prosecutors opened a homicide case against the Russian perpetrators of a ransomware scheme? What will be the long-term impact to the university hospital’s funding, to its patient numbers, its standing in the academic and local communities, and how many medical students, doctors and other medical professionals will want to study or work there?

Medical malpractice suits already run to tens of millions of dollars in the US. What is going to be the financial and reputational costs to a healthcare provider when patients expire on the operating table, or while connected to a medical device that is hacked by cyber criminals? Criminals seeking extortion payments or simply trying to expand their foothold on healthcare networks, while inadvertently breaking critical life-sustaining medical devices?

At this point many executives might be accusing me of raising fear uncertainty and doubt or FUD as its also known. But am I? Doesn’t the German woman who died in Düsseldorf when hospital IT systems were attacked with ransomware make this very real? I would wager that the recent German case is not alone and that many other deaths caused by hackers or weak cybersecurity have simply been reported in a different way, conveniently covering up failures in IT and IoT equipment so as to absolve providers from potential legal liability from families and regulators.

Ethical hackers like Barnaby Jack were demonstrating how easy it is to hack a medical device nearly a decade ago. Ever since, security conferences have featured numerous hackathons of medical equipment, and on-stage demonstrations how to hack an infusion pump, XRay machine, or other piece of medical equipment.

Researchers at Ben-Gurion University of the Negev demonstrated last year how easy it was to intercept medical PACS images and change them to add or remove tumors fooling the majority of radiologists and AI software alike. While Cylera last year, discovered an attack vector that can change the content of a medical DICOM image to include malware that can be used to infiltrate the healthcare network, simply by sharing or viewing a PACS image, something that happens thousands of times a day in every hospital.

This is not science fiction or FUD. This stuff is out there in the public domain and working exploits are most definitely in the wild. Another hospital or an entire health system the size of UHS could be attacked tomorrow and rendered unable to treat patients by a cyber attack against vulnerable IT or IoT assets. 

Healthcare providers the world over need to gain a better understanding of what assets they have connecting to their networks and what risks each of those assets represents not only to any patients which may be attached to the device, or being treated by such a system, but also to the broader healthcare network. Any endpoint asset could be used as an infiltration vector and foothold for expanding the attack. You don't need a wooden Trojan horse to get inside the perimeter of a hospital network, just access to an insecure endpoint device. Identifying and risk assessing all your assets is absolutely critical today, and preferably to NIST SP 800-30 standards, which after all is a requirement of the HIPAA Security Rule.

But it’ s not just a risk analysis that is needed to protect patients, providers also need to ensure that they have put in place adequate protections and compensating security controls. This is where many HDOs come unstuck - they simply don't have the staff cycles to even evaluate the risks, let alone remediate potential life threatening problems, even though they may already have some of the tools in place to segment high risk devices from the rest of the network.

The Cylera MedCommand platform automates this entire security risk management workflow identifying and then adding assets to an asset management system, risks to GRC and risk management tools, identifying IOCs and creating alerts via an existing SIEM or MDR, while talking directly with an existing NAC to automatically isolate and quarantine any compromised endpoints before patients are put at risk. Learn more or request a demo to understand how Cylera has used artificial intelligence and machine learning to simplify and automate what would otherwise be a labor intensive and cumbersome task.




Ryuk: Protecting Clinical Engineering from Ransomware Attack


An uptick in the Russian language criminal underground in the run up to the 2020 US presidential election, suggested a massive coordinated campaign to disrupt the United States by destructive ransomware attacks against US hospitals and other healthcare delivery organizations. Whether this was party motivated by the Kremlin to weaken democratic resolve and confidence in the US election systems is so far unknown, as is any intended manipulation of results to favor one presidential candidate over another. What is known however, is that the United States government in coordination with Microsoft and other technology companies, managed to take down the majority of an extensive global Trickbot network a few weeks before this threat was first discovered, so this may have been an attempted retribution for cyber-criminals. Trickbot is used to infect computers with Ryuk and other malicious ransomware software.

The threat was considered so great, and so many prime US hospitals mentioned by name in criminal underground conversations, that the CISA, FBI and HHS held several joint briefings for hospital executives and those who support them. These briefings outlined the nature of the threat, and advised HDOs to be on the look out for anomalous activity that could be an indicator of compromise (IOC), while patching known attack vectors and other security vulnerabilities with all due haste.

The American College of Clinical Engineering in support of its members, requested that Cylera and its threat intelligence entity CyleraLabs based in Madrid, provide a deeper drive on the Ryuk ransomware family, and brief the ACCE membership on IOCs while providing advice to member hospitals how to prevent and recover from any such attack. The following briefing and panel discussion with MDs, security leaders and clinical engineers is the result of that request.

This article was first published at https://blogs.cylera.com

 

Safely Disposing of the Needle in the Haystack: Managing the Cyber Risks of Healthcare IoT


During the early months of the Covid-19 outbreak, healthcare professionals were overworked and under-supplied. Governments were in chaos and squabbling over even the simplest of safety measures. Frontline facilities overflowed with terrified patients.

A nurse adjusts a face mask she’s been wearing for days. The message “smile for me” that she scribbled on in marker, is now as faded and hollow in message, as she feels in her ability to help the sick. She leans against a wall and checks her phone, hoping for a message from her family. She’s too afraid to go home in case she spreads the disease to her children, so she sleeps in the staff break room, along with her colleagues. Text messages are the only tether she has to hope.

An email pops into her mailbox. The subject line reads: “ALL STAFF: CORONAVIRUS AWARENESS”. The message notifies all medical personnel of facility wide online seminars to discuss new treatment measures and safety requirements. Exhausted, she clicks the link and registers for a seminar and thinks nothing more of another pointless bureaucratic task completed.

In the hours that follow, criminals use her credentials to access patient record systems, medical imaging suites and even internet-connected patient telemetry and treatment devices. By morning, every system critical to patient care is locked down with ransomware. The hospital is rendered useless. As administrators work to relocate patients to equally overloaded hospitals, medical staff resort to 1950’s paper-and-pen communication methods, slowing patient care by minutes and even hours. Those lost ticks of the clock, cost the lives of several patients with pre-existing heart conditions. This has actually happened in a hospital shuttered after a coronavirus-themed attack.

Join Mark Sangster from eSentire and the author as they discuss the cybersecurity risks of Healthcare IoT on the CyberSec Decoded Podcast.

Listen to the podcast below: 


 

 

Listen to more CyberSec Decoded podcasts 


 

Healthcare needs all the help it can get.

Understaffed, under-equipped, and under-funded, for security tools and services, the healthcare industry is being targeted by cyber criminals and pariah nation states for the value of its assets. This includes its extensive PHI, PII and valuable clinical trail data and research IP. 

The Russian Federation and the Peoples Republic of China have both this year, been caught red-handed attempting to steal clinical trial and research data surrounding COVID vaccines. And that says nothing of the wholesale theft of other IP from university and pharmaceutical labs, along with other research facilities going back for a decade or more in China's case. 

In fact, the Chinese Communist Party (CCP) has dedicated tens of thousands of PLA officers in its various cyber divisions, to the theft of western IP and commercial trade secrets, as previously reported by Fireeye-Mandiant and many others including this blog. These actions appear to be not only purposefully targetted but part of a centrally directed campaign by Chinese leaders to ensure the success of the the CCPs 'Made in China 2025' program when it plans to be totally self sufficient from the need for western goods and services.

It is however, the rise in extortion attacks that are most worrying. A recent uptick in the level of background chatter in cyber criminal hacker forums, was cause for the FBI, HHS and CISA to issue a threat briefing that healthcare was being actively targeted by Russian Trickbot-Ryuk ransomware gangs, and that healthcare IT and security staff should be on alert. This however was not before a massive ransomware attack had decimated one more US based international health system.

After decades of under-funding and de-prioritization, how can hospitals and other healthcare providers possibly build up their cybersecurity defenses to a level that is needed to protect against a rising wave of attacks and keep patients safe? This was the subject of the first ever Healthcare Managed Security Services Forum recently attracting over 150 attendees and more than 30 speakers and panelists drawn from the crème de la crème of healthcare. A full day virtual conference that heard from CEOs, CIOs, CISOs, CMIOs, Professors and Doctors of Medicine, and more than a few experts in the field of clinical engineering and biomedical / HIoT security. 

I was privileged to be asked to compère for the the all day event. Listen to the kick off below: 

The Cost of a Data Breach


According to the IBM / Ponemon 2020 Cost of a Data Breach Report, data breaches cost businesses an average of $3.86 million per incident. The report is based on 524 companies that experienced data breaches globally. Unsurprisingly, the U.S. continues to have the highest average cost per breach ($8.64 million), while Brazil has the lowest one ($1.12 million).

The cost of a data breach includes losses such as lost business, legal fees, and compensation & restitution to affected customers. Its also includes rising cyber investigation expenses and fines for compliance failures. According to the report, there are 4 main areas in that lead to this growing cost. These include:
  • Detection, escalation, and investigation, incident handling, etc.
  • Lost business with customers and partners
  • Notification of affected parties, partners, and regulatory authorities
  • Cleanup and response including the remediation of vulnerabilities that should, in retrospect, have been fixed long before the breach

These sums do not include the cost of the loss of reputation, nor do they include business lost forever as a result of loss of confidence by partners and customers, some of whom may have been significantly damaged as a result of the cybersecurity incident, or the failure of the attacked company to deliver according to contractual agreements during the incident.

Nor do these figures include the expanded costs of investigation and clean up of a distributed 'remote' workforce as has become common under COVID restrictions in 2020. In such cases this average cost rises to over $4 million US dollars the report concludes.

According to the study, the average time to identify and contain a breach is 280 days, 207 days to identify the problem and 73 days to contain it. This indicates that most organizations do not have effective 24/7 security operations monitoring or incident response capabilities, and that many incidents often go unnoticed till a regulator intercedes, by investigating a discovered breach of non-public data.

While cyber-forensic investigation is not cheap by any means, the greatest costs to businesses of a breach is lost business, the reports claims, which represents about 40% of the total average cost of a data breach. In other words, out of the average $3.86 million that a breach costs, around $1.5 million is linked to loss of revenue and customers.

Most importantly however, the report points out that security breaches directly affect the company's reputation, damaging the brand and impacting acquisition and retention of business. While some consumers may be extremely fickle chasing the best deal regardless, others may be lost forever.

Healthcare

While all industries are affected by data breaches, the costs of a healthcare breach far exceeds all other verticals. It is perhaps the combination of a rich and diverse source of data - PHI, PII and IP, found in hospitals and clinics, and the regulatory protections enforced under law that make healthcare a particularly expensive breach proposition. The healthcare industry’s breach life-cycle is also longer, averaging about 329 days compared to the overall average of 280 days. That leads to higher costs. At the same time, healthcare spends less on cybersecurity than most other industry verticals, and so is an easy target for cyber criminals and pariah nation states given its relative lack of preparedness.

“Healthcare is a highly regulated industry and faces a lot of regulatory burdens when it comes to remediation of a breach, and there are a lot of additional costs with medical records compared to other types of record.” claimed Charles Debeck, senior threat analyst at IBM X-Force IRIS.

While rising CEO Fraud or Business Email Compromise (BEC) accounted for 5% of malicious breaches, the average cost of a ransomware breach was a staggering $4.44 million. Though the average cost of a breach is relatively unchanged from 2019, IBM says the costs are getting smaller for prepared companies and much larger for those that don’t take any precautions.

"If you dig deeper into the data what we saw was an increasing divergence between organizations that took effective cybersecurity precautions versus organizations that didn't." claimed Debeck.

“This divergence has been increasing year over year; the organizations that are engaging in effective cybersecurity practices are seeing significantly reduced costs, the organizations that aren't engaging in these same practices are facing significantly higher costs” he added.

"Given the massive size of recent GDPR fines, OCR penalties, and state breach rules, most of which are not reported in time, it undoubtedly makes a lot more sense to invest in security up front, rather than to throw the dice and take a chance that it won't be you that gets hit with a cyber incident," claimed Richard Staynings, Chief Security Strategist with Cylera, a pioneer in the security of medical and HIoT devices. "The problem is, that in healthcare, most HIPAA Covered Entities have at best, only a partial appreciation of where their PHI data resides. Most don't consider the thousands of medical devices on their networks, or what data resides on each of those devices. Now that HIoT devices outnumber IT endpoints such as workstations, laptops and servers, healthcare IT and security teams are often looking in the wrong places for risks and vulnerabilities," he added.

Read the full Ponemon Report for details.

This article was first published at cylera.com

 

 

Tweens and Technology

Cybersecurity interns and entry level recruits aren't dropped off by the stork - they need to be nurtured!

I have written much about the need to better equip the children of today for the jobs of tomorrow, particularly when it comes to building a knowledgeable and capable cybersecurity workforce. The Cisco Annual Cybersecurity Reports and many other organizations with a vested interest in a ensuring a good pipeline of entry level recruits, have been highlighting the gap between available resources and cybersecurity job openings for many years now. Despite theirs, and many others, best efforts, the gap between demand for cybersecurity professionals and the available supply, appears to be getting larger each year. 

This is not that our cyber and technology-equipped school leavers aren't increasing numerically or in the depth of their skills, but that those numbers are not increasing fast enough to keep pace with demand. 

A lot of children are also being left behind, starting school with little to no exposure to math, sciences or technology. Many lack a computer at home or any form of access to the Internet till they get to school age, by which time they are well and truly left behind. Many children today learn the basics of computing and technology at 2 or 3, at or before Pre-School. They arrive in Kindergarten with the know-how to operate a computer, engage in educational games and other learning content and will be on their way to basic programing by second or third grade. Starting early appears to be critical to success in life, and with technology as perhaps the critical pillar for academic study, work, and success after school, who can blame parents for wanting their children to be provided every opportunity for development and future success. 

But many children are disadvantaged by poverty, unequal access to education and parent(s) working 3 jobs and therefore are not able to spend time with their off-spring at a critical stage of their development. This is where Tweens and Tech comes into play, providing educational technology-based summer camps and free computers to primary and middle school children in the Raleigh Durham area of North Carolina. But Tweens and Tech provides much more than that, so please read their words on their website rather than mine on this one - a great organization performing a worthy and noble cause, and one replicating quickly in other states across the country.

Today I was pleased to join a Fireside Chat with Dr. Anindya Kundu, a Senior Research Fellow at the City University of New York who has written extensively in early childhood development, Rob Martin from Cisco who helped start the Tweens and Tech organization with Derrick Thompson its founder, and two participants of the program - one a current student, the other a graduate of the program and now a teen volunteer.  
 
Watch the video recording of our discussions below:




Cybersecurity As You Return to School


 With the COVID-19 pandemic forcing most undergraduate and postgraduate classes online, students face multiple challenges, not least of which is securing their work and study environment from increasing levels of cyber attack.

As we are all distracted by our isolation at home, many of us forced out of our comfort zone, and with few opportunities to share concerns with others, cyber criminals know they have weak and easy targets.

The following is a video recording of a panel discussion between various University College professors of cybersecurity at Denver University.


Ai Will Radically Change Healthcare Security


Artificial intelligence is becoming increasingly important in the defense of healthcare providers and patients, while the number and size of cyber attacks against the industry continues to rise to unprecedented levels. All this at a time when many of us are distracted by the current pandemic and in dire need of health services - perhaps now more than ever in our past, other than perhaps in times of kinetic military conflict.

Our outdated security tools and other controls simply cannot cope with sophisticated APTs - (advanced persistent threats) from pariah nation state military espionage units. Nor can it cope with a newly emboldened Eastern Mafia, where organized crime syndicates operate with impunity from behind the former Iron Curtain, seemingly immune from local law enforcement, prosecution, or deportation to the civilized world, where law and order still largely prevail.

Many of these attacks in fact, whether conducted by military officers or proxies, are nothing more than a form of cyber warfare in order to further the political and economic objectives of their host regimes. Destabilizing the more successful west has been an ambition of the USSR since the advent of the Cold War. Today cyber attacks and information warfare add a new dimension to achieve this lasting objective in the competition for global power. Indeed this cyber conflict has been carefully engineered to take advantage of the trickle technique, where on an ongoing trickle of seemingly innocuous minor attacks has been engineered to weaken the internals of other countries over time, careful not to cross a line in the sand that might cause a massive kinetic or other response from the nation being attacked. 

Mainland China's objectives appear to be similar to that of the Russian Federation in its goals of world domination, only less focused on fermenting internal division and more on obtuse power conflict and long term theft of any advantages other nations, including the Russian Federation may possess.

The fact it that as cyber defenders we need better tools to defend and protect against attackers and higher levels of automation since we are out-gunned and out-manned at least 5 to 1 attackers to defenders.

In my presentation below I talk about the rising tide of sophisticated well funded cyber adversaries, the advent of deepfakes, CEO Fraud or Business Email Compromise (BEC) as its also known, and how AI is making these scams even more convincing and difficult to detect. I talk about the need for us to develop and implement AI-based cyber defensive tools to inoculate our networks against attacks. I discuss the need to protect healthcare providers, staff and patients from attack that could result in patient harm or even death. Increased automation and machine intelligence will permit us to respond quickly and thoroughly, and to thwart attacks before patient safety and HIT system availability are impacted.

In healthcare, we need to up our game on the security front. We need to understand what we have connected to our healthcare networks and what risks they pose. We need better threat intelligence and we need better defensive tools to protect against attack. We also need to remove the need and delay for humans to intervene against attacks in process.

As healthcare continues to digitize for improved interoperability and efficiency, cybersecurity needs to be front and center in design considerations and budget allocation if more deaths are to be avoided. Watch my 30 minute presentation below for more on this subject.



This article was first posted at Cylera.Com

Ai & Automation in Healthcare Security

An increasing reliance upon healthcare IT and IoT including thousands of medical devices and wearables to deliver health services is changing the balance of risk across the industry

There was a fine balance between health technology services, risk and security before 2020. Some would say that this balance was nothing of the sort and that the entire healthcare life sciences industry has been accepting far too many cybersecurity risks for far too long as exemplified by all the ransomware attacks against hospitals going back 5 or more years. Or the massive theft by a nation-state of Anthem's entire health insurance customer database in 2015. Most pharmaceutical and clinical research organizations have also been targeted by cyber attack and intellectual property theft for at least a decade and most recently by a number of nation-states all in search of data on COVID-19 cures. No matter how you view the evidence, the healthcare industry out-gunned and out-manned has not fared well against a well funded and highly motivated cadre of cyber thieves and extortionists.

Now enter COVID-19 this year and the massive digital transformation forced upon HDOs in order to spin-up telehealth and telemedicine plans to diagnose and treat patients from their homes rather than on-prem, and at the same time support a non-clinical workforce all working remotely from home.

The threat surface more then doubled over night and risks exploded, all at a time that healthcare CEOs were focused upon pandemic disease management, treating COVID patients, and keeping HDOs financially afloat without their lucrative elective procedures - A throw-back and lasting legacy of the "pay per service" model of US healthcare.

With furloughs of IT and in some cases security staff too, in order to stop the hemorrhaging HDOs suddenly became massively at risk of cyber-attack at precisely the worst possible time. Perpetrators quickly recognized their opportunity and the cyber attacks of 2020 bear witness to the perfect storm impacting healthcare today.

With a steady stream of new technologies to support telehealth, and the replacement of nursing staff with medical devices to monitor and manage patients remotely as far as possible, how are hospital security leaders possibly going to protect healthcare IT and IoT systems from attack and keep patients safe?

With limited budgets and security headcount (or the availability of additional security resources), automation and increased use of artificial intelligence is a CISO's only recourse. This was the subject of my panel discussion recently at the Denver AI & Automation Security Forum where I was privileged to moderate a panel of experts in the field including: 

  • Dr. Benoit Desjardins, M.D., Ph.D, Associate Professor of Radiology and Medicine at the University of Pennsylvania, 
  • Michael Archuleta, CIO at Mount San Rafael Hospital 
  • Powell Hamilton, CISO at Centaura Health 
  • Esmond Kane, CISO at Steward Health 
  • Joe Searcy, CSO at Elemental Health


Watch the 30 minute video to hear what each of these experts had to say.


This article was first posted at Cylera.Com