Health Care Cybersecurity Will Need to Keep Pace with Innovation to Combat Threats
Public and private cybersecurity executives spoke about the ways agencies and industry alike are increasing cybersecurity efforts to protect health care data.
Digital modernization is helping agencies adapt to a faster, more connected and digitized world. However, as agencies modernize and streamline assets, the threat and potential damage that bad actors can wreak on data becomes greater.
Amber Pearson, deputy CISO and executive director of information security policy and strategy at the Department of Veterans Affairs, spoke at GovCIO Media and Research’s Health IT Summit about how databases are digitizing while ensuring their data remains secure as cybercrime strategies evolve.
Pearson said that some of the greatest threats that agencies face are malware and ransomware attacks, and cybersecurity will need to keep pace as technology evolves and as agencies adopt zero-trust principles.
“We’re seeing an advancement in all health care technology. We have mobile wearable health care devices. When you think about that, that increases the attack surface,” Pearson said at the event. “Cybersecurity has to move at the speed of innovation.”
Interoperability within health care and increasing data sharing also prove signficant risks to cybersecurity, said Imani Tate, director of cybersecurity compliance at MongoDB.
“Part of that starts with really thorough risk assessments to not only engage leaders in your organization, but also take into account the business needs for both your organization and your customers or clients or whoever you’re serving,” Tate said at the event. “Incorporating that information to determine what are your crown jewels, what should we really be protecting the most?”
Pearson noted the three core principles underpinning the VA’s cybersecuity strategy:
-
Never trust, but verify.
-
Implement least privilege.
-
Assume breach and assume that all networks are hostile.
“Traditional cybersecurity strategies used to focus only on the perimeter. As we see now, that is no longer sufficient. We go beyond that by ensuring that we have rigor in our access management as we look through the ransomware,” Pearson said.
In the private sector, Tate spoke of her company’s cybersecurity outreach program, which encourages all employees to take on the onus of cybersecurity themselves rather than solely relying on their security teams. The program uses monthly meetings and close work relationships to foster discussion and raise awareness of potential threats to the network.
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Biden Signs New Tech Executive Orders Before Departing Office
Joe Biden signed two new executive orders this week promoting future cyber and AI priorities before Donald Trump takes office Monday.
5m read -
DODIN Strategy Aims to Outpace Cyber Threats
JFHQ-DODIN Commander Lt. Gen. Paul Stanton says the new "How We Prevail" plan moves from reactive defense to proactive threat mitigation.
4m read -
Preparing for the Future Cyber Landscape
CISA, CFPB and Rubrik discuss how they’re building cybersecurity best practices and developing their workforces to prepare for the future threat landscape and bolster cyber resilience.
30m watch -
Air Force Chief: Modernization Is Critical to Maintaining Superiority
Air Force Secretary Frank Kendall cites AI, automation and cyber resilience as key modernization components to outpace China by 2050.
3m read