CDC, NIH: People, Technology Threaten Patient Data Most
Officials from the CDC and NIH discuss the top cybersecurity priorities as threats and technologies evolve.
Cybersecurity threats are evolving, and in turn, so are the healthcare sector’s efforts to thwart them. Key leaders at GovCIO Media & Research’s Health IT Summit discussed their views of today’s top threats: technology and people.
While each agency faces individual problems, the Center for Disease Control and Prevention (CDC)’s CISO Joe Lewis said ransomware remains a top threat. Lewis said ransomware attacks directly impact patient care.
“Impacts on patient care impact our ability to get data in order to make predictive decisions about how we apply resources to contain disease,” said Lewis. “Ransomware, in particular, has affected a number of high-profile healthcare entities over the last 12 to 18 months.”
Before President Biden’s executive order on artificial intelligence (AI), some agencies were hesitant to allow employees to use AI applications like ChatGPT. Lewis recalled being in meetings about the potential risks and benefits of using AI applications. He said the risk of using AI was something he would willingly accept.
“These new technologies can fundamentally alter how we deliver public health to the nation, and so I would much rather us err on the side of risking to do something than to do nothing,” said Lewis.
Lewis also emphasized that cybersecurity officials shouldn’t be the decision-makers on what technologies are being used. With governance in place, cybersecurity officials should inform employees how to use emerging technology safely, securely and intelligently.
As the technology used by bad actors improves, the workforce needs to follow suit. Jothi Dugar, CISO at the National Institutes of Health (NIH), said her team’s holistic and integrative approach includes focusing on people. Dugar started a cyber safety campaign at the NIH and connected cybersecurity to patient safety.
By putting cybersecurity into familiar terms, Dugar said people were more receptive to cybersecurity practices especially as NIH implements emerging technologies like AI. She said the knowledge employees possess empowers them to report cybersecurity incidents.
“We don’t want [employees] to feel too scared to tell our security folks because something bad is going to happen,” said Dugar. “It’s really important to take a holistic and integrative approach and with ‘people process and technology’ really focusing on the people.”
Lewis added that annual training exercises prepare employees for when a breach happens. By thinking in a ‘when’ mindset rather than ‘if,’ Lewis said policies and procedures are updated creating knowledge management. This allows the CDC to prepare for staff turnover and the future use of emerging technologies.
“My job as a leader is to get the most out of people while they’re there, support them, train them,” said Lewis. “If they leave for bigger and better, [they] leave some piece of institutional knowledge, and we remain resilient in the face of that turnover.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
DOD Shifts Cyber Workforce Strategy to Prioritize Skills Over Pedigree
Defense officials and experts say that hiring and maintaining cyber talent is critical to national security.
4m read -
HHS Accelerates AI, TEFCA in 2024
Micky Tripathi, tech policy and health IT leader, reflects on progress HHS has made with AI, data and TEFCA and outlines plans for 2025.
-
VA Focuses on Continuous Improvement for 2026 EHR Rollout
VA plans to resume rollout of its EHR in mid-2026, focusing recent feedback to drive continuous improvement amid the presidential transition.
4m read -
Trump's Intelligence Pick Backs Cybersecurity, Tech Accountability
The former congresswoman has called for improving cyber defenses and advocated for accountability in federal tech and data practices.
2m read