Jun 13, 2020
During this digital panel session, Jim Brady discusses real-time change in incident management. His extensive experience in a multitude of security roles throughout his career means he has seen a lot of changes in the healthcare cyber security field. Naturally, the latest change to make its mark is the new remote work environment COVID-19 has deemed nececessary.
In the past, incident response plans are created and workshopped on location—in the case of healthcare, at the hospitals, command centers, etc. Now, with most of IT, the administration staff, and even doctors working remotely, new considerations must be taken.
Now that vendors, legal counsel, and staff are working from home, are they vulnerable to new threat actors, or are the bad guys giving healthcare a break during this global pandemic? Unfortunately, opportunistic phishing scams are increasing as the world is combatting COVID-19. For example, some phishing attempts run under the guise of PPE equipment vendors.
Additionally, while telehealth works as a good alternative to in-person doctor appointments, is it secure?
A well, executed cyber security incident has the possibility to severely disable or even take down organizations. In the healthcare field—especially during this time—it is imperative that hospital doors remain open. CSOs are especially on alert for the following three threats:
There are a few key things CSOs can do to effectively mitigate these areas of vulnerability. The first challenge is managing the environment remotely now that key security staff is working from home. System access needs to be the same as it was onsite. Home networks require an appropriate amount of bandwidth and the right VPN access must be granted. Home workers need the proper security for their home router firewall.
A holistic cyber security plan not only works to prevent incidents but respond to them as well. In the way that fire departments educate on fire prevention while also maintaining the ability to put fires out, responding quickly to a breach is imperative. For example:
Architecting a command center is difficult enough on prem with a team. It has only gotten harder with everyone spread out remotely. A communication grid helps clarify who communicates what to who. The C-suite needs regular high levels of communication. Clinicians on the front lines delivering care need access to the technologies that are required to do their jobs. Educating the administration staff on how to stay safe at home is also imperative. These non-technical positions are more prone to insecure home network and firewall setups. BOYB devices must not be used by family members or left insecure. All of these things need to be considered when developing an incident response plan during this pandemic.
The health and safety of employees is also tied closely into cyber security. For example, is there a contingency plan if a large number of IT staff get sick? Are hospital-issued laptops and repurposed IT equipment disinfected properly? Are vendors shipping safe goods? If a cyber security attack affects technology tools at a hospital, who retrieves that device for forensics purposes? Do they have protective equipment to keep them safe? All of these considerations must be a part of an incident response plan.
The business and IT side of healthcare banded together and willingly risked their health to set up the technological side of medical tents and drive-through testing. Jim considers the possibility that such a positive and efficient crisis response will set an impossible precedence in the future.
If ever there were a silver lining to Coronavirus, long-term healthcare changes going forward may be it. Traditionally, healthcare is an industry that lags behind in technology adoption. Telehealth--a method of healthcare that brings down cost and increases patient satisfaction—will be the new way forward. Jim expands on this idea before answering live-audience questions.