CDC, NIH: People, Technology Threaten Patient Data Most
Officials from the CDC and NIH discuss the top cybersecurity priorities as threats and technologies evolve.
Cybersecurity threats are evolving, and in turn, so are the healthcare sector’s efforts to thwart them. Key leaders at GovCIO Media & Research’s Health IT Summit discussed their views of today’s top threats: technology and people.
While each agency faces individual problems, the Center for Disease Control and Prevention (CDC)’s CISO Joe Lewis said ransomware remains a top threat. Lewis said ransomware attacks directly impact patient care.
“Impacts on patient care impact our ability to get data in order to make predictive decisions about how we apply resources to contain disease,” said Lewis. “Ransomware, in particular, has affected a number of high-profile healthcare entities over the last 12 to 18 months.”
Before President Biden’s executive order on artificial intelligence (AI), some agencies were hesitant to allow employees to use AI applications like ChatGPT. Lewis recalled being in meetings about the potential risks and benefits of using AI applications. He said the risk of using AI was something he would willingly accept.
“These new technologies can fundamentally alter how we deliver public health to the nation, and so I would much rather us err on the side of risking to do something than to do nothing,” said Lewis.
Lewis also emphasized that cybersecurity officials shouldn’t be the decision-makers on what technologies are being used. With governance in place, cybersecurity officials should inform employees how to use emerging technology safely, securely and intelligently.
As the technology used by bad actors improves, the workforce needs to follow suit. Jothi Dugar, CISO at the National Institutes of Health (NIH), said her team’s holistic and integrative approach includes focusing on people. Dugar started a cyber safety campaign at the NIH and connected cybersecurity to patient safety.
By putting cybersecurity into familiar terms, Dugar said people were more receptive to cybersecurity practices especially as NIH implements emerging technologies like AI. She said the knowledge employees possess empowers them to report cybersecurity incidents.
“We don’t want [employees] to feel too scared to tell our security folks because something bad is going to happen,” said Dugar. “It’s really important to take a holistic and integrative approach and with ‘people process and technology’ really focusing on the people.”
Lewis added that annual training exercises prepare employees for when a breach happens. By thinking in a ‘when’ mindset rather than ‘if,’ Lewis said policies and procedures are updated creating knowledge management. This allows the CDC to prepare for staff turnover and the future use of emerging technologies.
“My job as a leader is to get the most out of people while they’re there, support them, train them,” said Lewis. “If they leave for bigger and better, [they] leave some piece of institutional knowledge, and we remain resilient in the face of that turnover.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Defense Leaders Urge Compliance With Final CMMC Cybersecurity Rule
Pentagon leaders say businesses should start complying with current standards to avoid costly changes later.
5m read -
How Agencies Are Handling Evolving Cybersecurity Challenges
Hear federal cybersecurity experts discuss strategies for staying informed about the latest threats, tools and policies.
30m watch -
The Intersection of Zero Trust and AI in Government
Agencies can modernize cyber hygiene practices to leverage AI while also thwarting bad actors who are taking advantage of it.
21m watch -
Federal Efforts to Secure Data and Build Resiliency
This issue delves into advancements in cyber resiliency within the federal government amid an evergrowing digital world.
16m read