Protecting the Health Care Ecosystem Requires Looking at Cyber Culture
Industry and federal partners are working on collaborations to transform the evolving cybersecurity landscape.
Every year, the number of ransomware attacks in the health care sector increases as leaders work to protect the digital health care ecosystem.
“It is a problem,” said Department of Health and Human Services CIO Karl Mathias at the 2023 Billington Summit — adding that the sector has seen a 42% increase since 2016 in ransomware attacks. “Last year, and this year, it’s going to be the biggest sector for ransomware attacks.”
Mathias said that prevention is key in order to get in front of the problem. The agency has created a program, 405D, which is dedicated to risk management and strengthening cybersecurity within the sector before threats occur.
“HHS isn’t just looking at it from a single hospital point of view, or even a medical group. We’re looking at the entire infrastructure of the health care system, whether it’s a provider, whether it’s a hospital, whether it’s pharmaceutical manufacturing company,” Mathias said.
In addition, HHS released a roadmap to guide health care organizations to prevent and confront cyberattacks in March. The cybersecurity implementation guide is targeted to help public and private health care sectors.
The number of cybersecurity threats is expected to increase as emerging technology like AI continues to mature and open up the threat landscape. In 2022, health care organizations in America were targeted with more than 1,400 cyberattacks weekly per organization.
“Cyber incidents pose risks to patient data, intellectual property, scientific or laboratory research, medical manufacturing and ultimately the ability of health care organizations to safely serve their patients,” said HHS Deputy Secretary Andrea Palm in a March statement.
Cybersecurity industry leaders say data protection is critical and will ultimately provide a solution to ongoing threats.
“The health care industry generates almost a third of the data that’s been put out. Health care data is so attractive, so lucrative in the dark web and the other areas that people want to get into,” Leidos CTO Srini Iyer said at the 2023 Billington Summit. “Protecting the data is so important. If we can do that, I think it’ll probably prevent a lot of activities.”
To stay ahead of these threats, Mathias said HHS is collaborating with other agencies for additional support.
“We’re working with CISA, we’re working with the FBI, to see if we can get to those places that are in trouble, particularly when you see the small rural hospitals get hit, they have less resources, we want to make sure that we can come in and help them,” Mathias said.
In 2022, the FBI received more than 200 reports of ransomware attacks in the health care sector, topping all other sectors. This is where shaping a cybersecurity culture will be key across organizations.
“Health care organizations must safeguard their information technology systems to help prevent attacks and create a culture of cyber safety in the health care industry,” Assistant Secretary for Preparedness and Response Dawn O’Connell said in a statement.
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
How Agencies Are Handling Evolving Cybersecurity Challenges
Hear federal cybersecurity experts discuss strategies for staying informed about the latest threats, tools and policies.
30m watch -
The Intersection of Zero Trust and AI in Government
Agencies can modernize cyber hygiene practices to leverage AI while also thwarting bad actors who are taking advantage of it.
21m watch -
Federal Efforts to Secure Data and Build Resiliency
This issue delves into advancements in cyber resiliency within the federal government amid an evergrowing digital world.
16m read -
DHS Tabs Cyber and AI as Innovation R&D Priorities
The agency’s plan utilizes AI to better address future threats, secure critical infrastructure and improve workforce efficiency.
5m read