Health Care Cybersecurity Will Need to Keep Pace with Innovation to Combat Threats
Public and private cybersecurity executives spoke about the ways agencies and industry alike are increasing cybersecurity efforts to protect health care data.
Digital modernization is helping agencies adapt to a faster, more connected and digitized world. However, as agencies modernize and streamline assets, the threat and potential damage that bad actors can wreak on data becomes greater.
Amber Pearson, deputy CISO and executive director of information security policy and strategy at the Department of Veterans Affairs, spoke at GovCIO Media and Research’s Health IT Summit about how databases are digitizing while ensuring their data remains secure as cybercrime strategies evolve.
Pearson said that some of the greatest threats that agencies face are malware and ransomware attacks, and cybersecurity will need to keep pace as technology evolves and as agencies adopt zero-trust principles.
“We’re seeing an advancement in all health care technology. We have mobile wearable health care devices. When you think about that, that increases the attack surface,” Pearson said at the event. “Cybersecurity has to move at the speed of innovation.”
Interoperability within health care and increasing data sharing also prove signficant risks to cybersecurity, said Imani Tate, director of cybersecurity compliance at MongoDB.
“Part of that starts with really thorough risk assessments to not only engage leaders in your organization, but also take into account the business needs for both your organization and your customers or clients or whoever you’re serving,” Tate said at the event. “Incorporating that information to determine what are your crown jewels, what should we really be protecting the most?”
Pearson noted the three core principles underpinning the VA’s cybersecuity strategy:
-
Never trust, but verify.
-
Implement least privilege.
-
Assume breach and assume that all networks are hostile.
“Traditional cybersecurity strategies used to focus only on the perimeter. As we see now, that is no longer sufficient. We go beyond that by ensuring that we have rigor in our access management as we look through the ransomware,” Pearson said.
In the private sector, Tate spoke of her company’s cybersecurity outreach program, which encourages all employees to take on the onus of cybersecurity themselves rather than solely relying on their security teams. The program uses monthly meetings and close work relationships to foster discussion and raise awareness of potential threats to the network.
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
DOD Dominates CISA’s President’s Cup Cyber Competition
The competition featured real-world scenarios such as the LastPass major attack in 2022 and incorporates emerging technology.
4m read -
68 Software Firms Sign CISA’s Secure-by-Design Pledge
A year since CISA's initiative, tech companies say their products will have built-in security features from the start.
3m read -
Spain’s Cyber Agency is Incubating Businesses to Protect NATO Cyberspace
INCIBE Secretary General Carla Redondo Galbarriatu said the private sector is key to strengthening cybersecurity.
12m listen -
DHS AI Board Sees Civil Rights as ‘Part and Parcel’ of AI Safety
Secretary Alejandro Mayorkas shared details about the new board's first meeting and how he sees it transforming the agency's AI development.
3m read