Consider this a rallying cry: Hospitals, health systems and networks need to join forces, organize, come together as a community, to proactively fend off hackers, hacktivists, organized criminals and other emerging threats all trying to penetrate healthcare entities to either steal patient data or, worse, destroy it altogether.
Its not just WannaCry, Petya, NotPetya, ransomware in coffee makers (yes, that appears to have really happened) or the newest malware strain, either. Yes, they all startled the industry, if not the world, for a flash. And theyre legitimate threats.
But the greater danger is that CISOs, CIOs and their shops regardless of how tech-savviness, how many specialists they boast or even the number of attacks their ace security team has detected, blocked or survived every single healthcare organization must protect against the next big attack even though there is literally no way to know what it will look like or from where it will come.
[Register Now: Upcoming HIMSS Healthcare Security Forum]
To be fair, this is happening. Some hospitals are working together just not nearly enough. Security frameworks, information sharing centers, industry trade groups already exist.
Its time to start operating as a healthcare infosec community because security is only going to get harder.
Embed from Getty Images
Tom Ridge, the first U.S. Secretary of Homeland Security and former Pennsylvania Governor, said that a community approach has worked in other industries.
Can it succeed in healthcare?
Yes, yes, Ridge said. Yes and the information sharing and analysis centers proved to be very helpful in financial services and energy-related industries. That is a great platform within which to share best practices, to share threat information.
Healthcare has an ISAC of its own, too, the NH-ISAC and Denise Anderson is its President.
Obviously we'd love to see as many people situationally aware as is possible, Anderson said.
In response to Petya, for instance, Anderson said NH-ISAC had a core team of subject matter experts working to collaboratively determine what the problem was and then craft a mitigation strategy. Members, in turn, can take that strategy and put it, or parts thereof, into action.
Thats just one recent example, of course. And Penn Medicine Associate CIO John Donohue said the opportunities to collaborate with other healthcare organizations to improve Penns own security posture are significant.
As we begin to shift more to a proactive cybersecurity stance, timely and accurate intelligence becomes the name of the game, Donohue said.
Penn, for its part, taps into what Donohue described as a network of peers for real-time intelligence on zero-day malware and other trending threats.
That practice is going to become increasingly important as hospitals have more and more apps and devices to protect.
Embed from Getty Images
Depending upon which estimate you prefer, somewhere between 5 and 10 million new devices hook up to the internet every day.
Cyber Threat Alliance President Michael Daniel, who served as the White House Cybersecurity Coordinator for President Obama, said that cyberspace is the only environment expanding on a daily basis and that, in turn, makes the security problem both harder and bigger.
As the number of devices grows, so does peoples reliance on them, and the potential damage that can be done when they are attacked expands as well.
They are much more heterogeneous than we saw in the past, Daniel added. Its not just desktops or laptops, but now its mobile devices and Fitbits, refrigerators, and cars, light bulbs and all the so-called internet of things.
Lets calculate for a minute. A greater variety and number of apps and devices, more new types of cyberattacks, even more adversaries than ever before, and no suggestion that any of those will let up in the near future.
Heres one more to add.
I'm not sure anyone has a true handle on all of the organizations involved in healthcare out there, said NH-ISACs Anderson. Hospitals are not the only organizations that are vulnerable. Dentists, small physician practices, labs, radiological and therapy providers are all very rich targets because they are small and don't have many resources.
The sum of those realities is a pretty grim picture: Healthcare information security is difficult today and its only going to get harder from here.
Not only hospital management but the boards of directors need to embrace the fact that the industry is vulnerable and they really have to prioritize securing IT systems.
Ridge pointed out that hospital IT and security executives should be aware that the world is in a digital war and its not just nation-state against nation-state. Organized cybercriminal groups, hackers and hacktivists, lone wolf attackers are all dangerous.
Corporate leadership, Ridge said, not only hospital management but the boards of directors need to embrace the fact that the industry is vulnerable and they really have to prioritize securing IT systems.
Ridge said a security framework, such as the one National Institute of Standards and Technologys offers, is a baseline. NIST is one option, HITRUST is another.
In addition to the frameworks, the Department of Health and Human Services Health Cybersecurity Communications and Integration Center, the InfraGard cyber health working group and industry trade groups including Healthcare IT News owner HIMSS, as well as the Medical Group Management Association and the American Medical Association, all make certain resources available.
Lee Kim, Director of Privacy and Security at HIMSS, said the combination of frameworks, associations, government groups could be the virtual glue binding together the infosec community healthcare needs.
Penns Donohue said as threats continue accelerating, he finds himself participating more and more in the intelligence sharing community.
As a result of this collaboration Penn Medicine has been able better prepare for vulnerability exploits and minimize the impact of malware attacks, Donohue said.
Healthcare needs to do with its IT systems what financial services, telecom and energy have already done. Be preemptive, not reactive.
The frameworks and sharing tools exist but, of course, so do challenges.
Picking one among the various resources itself can be confusing, if not inhibitive, HIMSS Kim said. Cost is another issue.
But the biggest obstacle is simply not knowing what information to seek and share or how to make that happen and the same goes for what not to share.
Ridge, who is now chairman of consultancy Ridge Global, added that healthcare should emulate other industries.
Healthcare needs to do with its IT systems what financial services, telecom and energy have already done, Ridge said. Be preemptive, not reactive.
Indeed, it has become a necessity for the healthcare industry to overcome those barriers to participation on the way to safeguarding patient information and care delivery for the patients and their families that infosec, IT and medical professionals serve.
We need to be more coordinated as a sector, HIMSS Kim said. Otherwise, we, too, will be pwned!
Twitter:SullyHIT Email the writer: tom.sullivan@himssmedia.com
Here is the original post:
Hospitals must band together to beat hackers - Healthcare IT News
- How good is fish for your diet? - November 8th, 2009 [November 8th, 2009]
- What foods have both fiber and protein? - November 8th, 2009 [November 8th, 2009]
- Is There Evidence That Acupuncture Works? - November 8th, 2009 [November 8th, 2009]
- What are some good fiber foods? - November 8th, 2009 [November 8th, 2009]
- Can Green Tea fight HIV infection? - November 8th, 2009 [November 8th, 2009]
- Quality of GNC Supplements - November 8th, 2009 [November 8th, 2009]
- The Gene Smart Diet - November 8th, 2009 [November 8th, 2009]
- Tips for eating in a vegetarian lifestyle - November 8th, 2009 [November 8th, 2009]
- Regarding the Starting of a new diet regimen - November 8th, 2009 [November 8th, 2009]
- Thoughts on Dropping Weight - November 8th, 2009 [November 8th, 2009]
- What do doctors think about vitamin E supplements? - November 8th, 2009 [November 8th, 2009]
- What herbs or supplements are commonly used for depression? - November 8th, 2009 [November 8th, 2009]
- Is there a safe way to lose a lot of weight? - November 8th, 2009 [November 8th, 2009]
- Diets that promise you will lose weight - November 8th, 2009 [November 8th, 2009]
- Are Fish Toxins Linked to Diabetes? - November 8th, 2009 [November 8th, 2009]
- Can Plastic Surgery Help Migraines? - November 8th, 2009 [November 8th, 2009]
- Weight Loss Surgery Eradicates Diabetes Symptoms - November 8th, 2009 [November 8th, 2009]
- Found: A Gene That Controls Fat Cells - November 8th, 2009 [November 8th, 2009]
- Sugars and Starches, what's the difference? - November 8th, 2009 [November 8th, 2009]
- Improving your health with a serving of nuts? - November 8th, 2009 [November 8th, 2009]
- Is Your Diet Causing You To Be Depressed? - December 13th, 2009 [December 13th, 2009]
- Placebo Effect: Magnetic Bracelet Therapy - December 13th, 2009 [December 13th, 2009]
- Does serotonin promote sleep? - December 13th, 2009 [December 13th, 2009]
- Decreased energy levels - Overeating, Sleep, Nutrition - February 1st, 2010 [February 1st, 2010]
- When will the body begin to cannibalize muscle tissue? - February 7th, 2010 [February 7th, 2010]
- Foods that are high in antioxidants - February 7th, 2010 [February 7th, 2010]
- Editorial: Reduce health care costs by cutting administrative overhead - April 1st, 2012 [April 1st, 2012]
- Health Care Winners: Centene, Onyxx - April 25th, 2012 [April 25th, 2012]
- Dan Morain: Nurses union puts politics ahead of health - April 25th, 2012 [April 25th, 2012]
- What's next if Obamacare falls? - April 25th, 2012 [April 25th, 2012]
- Global Managed Health Care Services Industry - April 25th, 2012 [April 25th, 2012]
- Immigration Fight Echoes Health-Care Case at High Court - April 25th, 2012 [April 25th, 2012]
- Medical Centers Lead Workplace Wellness Effort - April 25th, 2012 [April 25th, 2012]
- The next health care overhaul? Look to employers - April 25th, 2012 [April 25th, 2012]
- Capital BlueCross Hosts Community Health Care Forums Focused on Managing Costs While Maintaining Quality - April 25th, 2012 [April 25th, 2012]
- County committee to look at area health care - April 25th, 2012 [April 25th, 2012]
- President Obama Calls on Students to Tell Congress: #DontDoubleMyRate - Video - April 25th, 2012 [April 25th, 2012]
- Sen. Coburn: Competition in Health Care to Allocate Resources - Video - April 25th, 2012 [April 25th, 2012]
- Jesse Kelly health care - Video - April 25th, 2012 [April 25th, 2012]
- PHC Vision Statement (short version) - Video - April 30th, 2012 [April 30th, 2012]
- The Bioeconomy Blueprint Panel - Video - April 30th, 2012 [April 30th, 2012]
- Providence Health Care's Vision Statement - Video - April 30th, 2012 [April 30th, 2012]
- Department of Health and Human Services: Minority Health Blogger Townhall - Video - April 30th, 2012 [April 30th, 2012]
- Health care worker accused of stealing identities of brain i - Video - April 30th, 2012 [April 30th, 2012]
- Health Care Reform, Part 1 of 3 | KYVE Insiders Roundtable - Video - April 30th, 2012 [April 30th, 2012]
- Health Care Reform: The ACA and Beyond - Video - April 30th, 2012 [April 30th, 2012]
- Is Broccoli Like Health Insurance? - Video - April 30th, 2012 [April 30th, 2012]
- Did Obama make a mistake on health care? - Video - April 30th, 2012 [April 30th, 2012]
- How Democrats Lie About Health Care - Video - April 30th, 2012 [April 30th, 2012]
- Toobin on Health Care: This was a "judicial hissy-fit" - Video - April 30th, 2012 [April 30th, 2012]
- President Obama says health care law will stand - Video - April 30th, 2012 [April 30th, 2012]
- Obama Defends Health Care Law From 'Judicial Activism' - Video - April 30th, 2012 [April 30th, 2012]
- Obama Healthcare Individual Mandate - Video - April 30th, 2012 [April 30th, 2012]
- President Obama attacks Supreme Court on health care - Video - April 30th, 2012 [April 30th, 2012]
- Raw Audio: High Court Dissects Health Care Act - Video - April 30th, 2012 [April 30th, 2012]
- Health care on trial - Video - April 30th, 2012 [April 30th, 2012]
- Final Day of Health Care Law Arguments Before Supreme Court - Video - April 30th, 2012 [April 30th, 2012]
- Feds to put up $1.9B for Oregon health overhaul - May 4th, 2012 [May 4th, 2012]
- Scuttling health care act will freeze Medicare, White House warns - May 4th, 2012 [May 4th, 2012]
- U.S. Health Care Spending High, But Quality Lags: Report - May 4th, 2012 [May 4th, 2012]
- Yes, the Health-Care Mandate Is About Liberty - May 4th, 2012 [May 4th, 2012]
- Health center gets $1M federal grant - May 4th, 2012 [May 4th, 2012]
- Health-care reform panel considers exchange options for Va. - May 4th, 2012 [May 4th, 2012]
- Hmong health care gap focus of Healthy House dinner - May 4th, 2012 [May 4th, 2012]
- Walsh-led health bill to be unveiled - May 4th, 2012 [May 4th, 2012]
- Ontario health system confusing for ailing seniors, study finds - May 4th, 2012 [May 4th, 2012]
- 'Health Care Deserts' More Common in Black Neighborhoods - May 5th, 2012 [May 5th, 2012]
- With federal money, Oregon kicks health care reform into high gear - May 5th, 2012 [May 5th, 2012]
- Nurse practitioners tackling more 'doctor' tasks - May 5th, 2012 [May 5th, 2012]
- Konza Prairie Health Center Receives $4.5 Million Grant - May 5th, 2012 [May 5th, 2012]
- Alberta wages hurting Sask. health care - May 5th, 2012 [May 5th, 2012]
- House releases plan to cut growth of Massachusetts health spending in half - May 5th, 2012 [May 5th, 2012]
- Mass. House Will Unveil Bill Seeking To Rein In Health Costs - May 5th, 2012 [May 5th, 2012]
- President Obama Welcomes the Kentucky Wildcats - Video - May 5th, 2012 [May 5th, 2012]
- President Obama Speaks on College Affordability - Video - May 5th, 2012 [May 5th, 2012]
- My First Job: Gene Sperling - Video - May 5th, 2012 [May 5th, 2012]
- Health-care costs worry near-retirees - May 7th, 2012 [May 7th, 2012]
- Massachusetts Institutes Health-Care Price Controls. Is America Next? - May 7th, 2012 [May 7th, 2012]
- Massachusetts Moves Toward Health-Care Price Controls. Is America Next? - May 7th, 2012 [May 7th, 2012]
- GOP plan boosts Pentagon, cuts social programs - May 7th, 2012 [May 7th, 2012]