The panel's focus was to share insights with prospective cybersecurity professionals about the future of Cybersecurity in healthcare.
The panel consisted of Richard Temple, CIO from Deborah Heart and Lung Center, RCBC Information Technology Instructor Paul Warner, RCBC 2020 Valedictorian and Cybersecurity Graduate Shanni Prutchi and me, John Gomez, CEO Sensato Cybersecurity Solutions.
We covered many topics during the panel discussion, but some of the highlights included: Cybersecurity Operations for Hospitals, Threat Detection, and recent changes in Federal Cybersecurity Regulations. I will share some highlights but feel free to check out the entire discussion on Facebook here.
I shared some of Sensato's experiences and how we help hospitals uncover potential cybersecurity threats.
One of the ways we help hospitals is to take the burden off of them. We operate a CybersecurityTactical Operations Center (CTOC), which is different than what most cybersecurity companies offer in a Security Operations Center (SOC). I won't go into too much detail here about the differences, but you can check out more information here if you are interested. It's 24/7 eyes-on-glass to detect threats, manage compliance, and handle the incident response. These are all things that not many hospitals have the resources to support.
Rich also shared how he knows that his hospital can't do everything by itself. He recommends getting outside support from experts. For example, Deborah Heart and Lung Center deployed cybersecurity strategies with Sensato that they wouldn't have been able to do by themselves. Rich stated that you can never say for sure that you won't get hacked, but having the right defenses in place, having eyes on things that they couldn't have done on their own, has been one of their big defensive strategies.
We discussed strategies for staying ahead of changing threats. One way is to establish relationships with others in the cybersecurity field and regularly share information. For example, Sensato works with multiple agencies to identify and analyze threat intelligence. Here are a few examples of how we gather threat information:
• Share information with federal agencies like the Dept of Homeland Security, Dept of Defense, CISA, FDA
• Share information with other organizations like the UK Cybersecurity Center
• Keep relationships with people on the "darkside" – we cull details about what hackers are looking to do
• Scour the dark web
• We attack systems ourselves to uncover weaknesses and identify attacks
To stay ahead of the next significant threat, you must commit to continually learning, think like an attacker, and be willing to change and modify your plans.
Another point made on the panel was that while most hospitals have some defenses deployed to identify threats or comply with federal regulations, hospitals are looking to improve their ability to monitor and identify attacks, especially given the more recent massive attacks that have been reported.
According to Rich, the need for Cybersecurity is not going away anytime soon, and it's best to stay on top of it.
One other area that I talked about briefly in this panel that might be of interest to you is about some recent updates to federal cybersecurity regulations. Things like; did you know that you are no longer legally allowed to pay a ransom from a ransomware attack? There was also a recent bill passed that lowers liability for hospitals if you've made investments in Cybersecurity. It's worth looking at the recent changes to ensure you are complying (reach out if you have questions too).
It was great to share what's going on in healthcare cybersecurity with the next generation of cybersecurity professionals. We are going to need them in the future, not only in healthcare but also in many other industries.
Watch here for the full Rowan College at Burlington County panel discussion. The discussion applies to cybersecurity professionals at hospitals and people looking to start in a healthcare cybersecurity career.
If you want to talk more about the challenges you are having in Cybersecurity at your hospital or hear more about how we manage our CTOC that I mentioned earlier, please feel free to reach out. We would love to talk with you.
I am also leading a live webinar about “Medical Device Incident Response: What You Need to Know to be Prepared". I will share insights into the FDA Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook and give ideas for what your organizations should be doing to make sure you are prepared in the event of a medical device cybersecurity attack. You can register here.
