dreamstime CynergisTek CEO Barlow: The Hospital

Ransomware Crisis Is ‘Pretty Alarming’ In the wake of the nationwide ransomware attacks being launched against U.S. hospitals, CynergisTek CEO Caleb Barlow shared his perspectives on the urgent need for IT security leaders to act now By Mark Hagland


ate in October, a variety of media out- lets carried the news about a major surge in ransomware attacks—attacks

of considerable ferocity. The Washington Post reported that in the space of 24 hours, six hospitals across the country were hit inside of a week with Ryuk ransomware attacks that demanded up to $1 million, which some hospitals have paid. In response, federal agencies have issued a warning saying that they have credible information of an increased and imminent cybercrime threat to more U.S. hospitals and healthcare providers. The Cybersecurity and Infrastructure

Security Agency (CISA), FBI, and the Department of Health and Human Services are warning healthcare provid- ers to take precautions to protect their networks from these threats, including attempts to infect systems with Ryuk ran- somware. In terms of response to attacks, CISA, FBI and HHS do not recommend paying ransoms. Payment does not guar- antee fi les will be recovered, they noted. “It may also embolden adversaries to tar- get additional organizations, encourage


other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities,” the agencies cautioned. Following these developments, senior leaders at the Austin, Texas-based

Standards and Technology, a division of the U.S. Department of Commerce. Recently, Healthcare Innovation Editor-in- Chief Mark Hagland spoke with Caleb Barlow, who has been CynergisTek’s presi- dent and CEO since August 2019, regard- ing the current moment in cybersecurity. Prior to joining CynergisTek, Barlow led the IBM X-Force Threat Intelligence organization. Below are excerpts from that interview.

Caleb Barlow

CyngergisTek consulting fi rm found in a recent survey that 66 percent of hospitals and health systems fail to meet minimum cybersecurity requirements, as articu- lated by NIST, the National Institute of | JANUARY/FEBRUARY 2021

What is the overall situation like right now in healthcare? The situation right now in healthcare is pretty alarming. What we have going back to the UHS [Universal Health Services, a 400-facility organization based in King of Prussia, Pa.] incident [in September] is a series of ransomware attacks. That’s not new. But what was new starting with UHS is the change in adversarial intent. What do the bad guys want? Remember, these are crimi- nal gangs. You don’t necessarily want to draw the ire of every law enforcement entity in the country. And you don’t

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32