CYBER CORNER A Look at Cybersecurity


in 2022 and Into 2023 Healthcare Innovation presents some of the top cybersecurity news from 2022 and cyber expert Richard Staynings refl ects upon the year and what’s in store for 2023 By Janette Wider


A


s the year comes to an end, it only feels natural to refl ect upon the 2022 landscape overall regard-


ing cybersecurity and look ahead at what may come in 2023. The year had its ups and downs, and frankly, due to the increase in bad actors there were more downs than ups. The healthcare industry was consistently named a prime target for cyberattacks, which is no surprise due to the nature of the business. Yet, senior leaders at hospitals and health systems kept their chins up and encouraged others to heed their advice when it comes to foundational cybersecurity practices, remaining resil- ient, practicing proactive strategies vs. reactive, and more. Things started off in 2022 as heated as


ever. On Feb. 23, the American Hospital Association (AHA) published a cyber- security advisory warning that Russia may use cyberattacks as a form of retali- ation due to the economic and military sanctions placed on the country by the U.S. government and NATO allies. The advisory states that “The AHA


is closely monitoring the potential for increased cyber risks to the U.S. health system stemming from the ongoing military operations in the Russia/ Ukraine region. The Russian military has previously used cyberattacks against Ukraine to disrupt the electri- cal grid, communications capabilities and fi nancial institutions. For example, it was reported last week that cyber denial-of-service attacks, attributed to the Russian military, were launched against Ukraine’s Ministry of Defense, as well as its fi nancial institutions.” That said, “In light of previous


attacks and potential threats, the Cybersecurity and Infrastructure Security Agency last week issued a related-and-rare cyber ‘Shields Up’ warning to the U.S. private sector, including healthcare, based upon the


26


increased cyberthreat posed by the Russian government.” In March, during the HIMSS22


conference in Orlando, Fla., as part of the Healthcare Cybersecurity Forum, a Leadership Panel titled “CISO State of Mind” focused on what to expect in the industry during these turbulent times and set the tone for the year to come. The panel featured speakers Erik Decker, CISO at Intermountain Healthcare; Anahi Santiago, CISO at ChristianaCare; and Vugar Zeynalov, CISO at the Cleveland Clinic. The panel was moderated by Daimon Geopfert, principle of cyber, risks & regulation implementation & operations, PwC. Geopfert kicked off the panel by


asking the speakers, “What’s keeping you up at night?” Zeynalov said that he sleeps like a baby, “waking up every two hours to cry.” He then seriously com- mented that building resiliency and agility keep him up along with three other areas. “How do we do business to keep up with constantly changing and, often, competing priorities?” he adds. “The second thing is enabling the organization to grow both physi- cally and digitally. And the third area is attracting top talent.” Decker added that “Selling and


evangelizing cybersecurity is a way of the past.” He went on to say that the demands and competing priori- ties are akin to a car needing to drive faster and, therefore, needing better brakes. When it comes to cybersecurity, when an organization wants to push through better innovation, it needs better cybersecurity. In April we reported that the


Department of Health and Human Services (HHS)


issued a warning


regarding insider threats when it comes to healthcare and the public health (HPH) sector. “An insider threat in the HPH Sector is potentially a person


26 hcinnovationgroup.com | NOVEMBER/DECEMBER 2022 Janette Wider


within a healthcare organization, or a contractor, who has access to assets or inside information concerning the organization’s security practices, data, and computer systems,” the warning says. “The person could use this infor- mation in a way that negatively impacts the organization.” The warning adds that, “While most


companies invest more money on insider threats with malicious intent, negligent insider threats are more com- mon.” According to Ponemon’s ‘2020 Insider Threats Report,’ 61 percent of data breaches involving an insider are primarily unintentional, caused by negligent insiders. In June, we reported on a global


survey of healthcare IT executives that found that 44 percent of healthcare orga- nizations that suffered an attack in the last year took up to a week to recover from the most signifi cant attack, and 25 percent of them took up to one month. “The


State of Ransomware in


Healthcare 2022” survey from cyberse- curity solutions provider Sophos polled 5,600 IT professionals from 31 countries, including 381 in healthcare. In the survey, 66 percent in healthcare said their orga- nization was hit by ransomware in 2021 compared to 34 percent who responded to the survey the previous year. Among the report’s other troubling


fi ndings are that healthcare organiza- tions are more likely to pay the ransom than those in other fi elds, with 61 per- cent of organizations paying the ransom to get encrypted data back. Healthcare organizations that paid the ransom got back only 65 percent of their data in 2021, down from 69 percent in 2020; furthermore, only 2 percent of those that paid the ransom in 2021 got all their data back, down from 8 percent in 2020, the report said. On July 6, the Federal Bureau of Investigation (FBI), Cybersecurity and


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32