Should we be worried

About state-sponsored attacks against hospitals?

Security and the Board Need to Speak the Same Language

How security leaders speak to their C-Suite and Board can make all the difference

The Rising Threat of Offensive AI

Can we trust what we see, hear and are told?

Who'd want to be a CISO?

Challenging job, but increasingly well paid

Medical Tourism - Growing in Popularity

Safe, fun, and much, MUCH more cost-effective

The Changing Face of the Security Leader

The role is changing, but what does the future hold?

Cyber Risk Insurance Won't Save Your Reputation

Be careful what you purchase and for what reason

Pueblo Community College Cybersecurity Lecture

 

It was great to present to the students and faculty of Pueblo Community College in southern Colorado this past week. The opportunities for those entering the profession from ICT cybersecurity and Healthcare programs like those at PCC are tremendous. My thanks to the faculty for organizing such a great event and to Mike Archuleta, CIO at nearby Mt San Rafael Hospital and fellow Health Informatics and Cybersecurity Luminary, who also presented to students.



Challenges for 21st Century Healthcare

Healthcare currently faces many unique challenges. It is an industry currently undergoing the most dramatic transformation in its history. Covid-19 ravaged hospital finances and forced providers to pivot from lucrative consults and elective surgeries to pandemic emergency care. This in turn led to the need for another (long overdue) pivot towards telehealth, telemedicine and remote health services as patients were told to avoid hospitals. And of course, this all happened during an industry-wide move towards digital transformation, interoperability, a massive growth in the number of medical and other healthcare IoT devices, and enhanced adoption and deployment of artificial intelligence across the industry, each bringing its own unique security challenges.

As if these transformational challenges were not enough, healthcare is also one of 16 US Critical Infrastructure Sectors under PPD-21, and therefore a potential target of nation-state cyber-warfare attacks against the United States. Given a long history of such attacks by the Russian GRU against other countries and a proclivity by the Kremlin to give carte blanche to Russian Mafia proxies engaged in cybercrime, risks are high that an imminent attack could be launched against US healthcare.

A cyberattack against healthcare is not just an act of cyber extortion or cyber warfare; it risks the lives and safety of patients. When HIT and HIoT systems are not available because of a cyberattack, patient morbidity and mortality rates increase, just as they did under the North Korean 'WannaCry' or Russian GRU 'NotPetya' attacks of 2017.

In 2022, the ability of hospitals and other providers to withstand a devastating ransomware or other cyberattack has improved, but providers are in no way impregnable. The industry lacks the material and people resources necessary to mount a full defense. It is therefore vulnerable and in need of supplementary security services, which are perhaps best provided by managed security services providers (MSSPs) and others with deep security domain expertise.

Clinical, technological and security resourcing across healthcare has been stretched to the limit, exacerbated by clinicians leaving the industry en masse and a global shortage of cybersecurity professionals in which healthcare has found it increasingly hard to compete for scarce resources. There has also been a skills mismatch, as re-skilling of staff has not kept up with the adoption and implementation of new technologies.

Given the growing challenges of securing healthcare and keeping patients safe, I challenged four leading technology and security executives with these problems at the recent Denver Managed Security Services Forum. Hear their thoughts in the video recording below.



Panelists:

Mike Archuleta, Chief Information Officer, Mt San Rafael Hospital
Kevin Coston, Sr. Technical Security Specialist Healthcare, Microsoft
Randall Frietzsche, Enterprise Chief Information Security Officer, Denver Health
Howard Haile, Chief Information Security Officer, SCL Health

Moderator:

Richard Staynings, Chief Security Strategist, Cylera