The healthcare industry continues to be targeted by ransomware gangs, but there are efforts underway to help improve the health sector’s information security resiliency.


“Ransomware is affecting organizations of all sizes and maturity capabilities. Many small organizations are a critical part of the supply chain,” says Errol Weiss, Health-ISAC chief security officer. “Larger organizations should partner with these smaller ones as part of their overall risk management process and assist them with creating their own IT security programs – it becomes a team sport.”

Link to full interview with Healthcare Info Security:


There are many challenges, particularly for smaller organizations that may not have dedicated IT staff, says Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center, or Health-ISAC. The group is dedicated to sharing threat intelligence in the health sector.

“Ultimately, I think it does come down to lacking those sufficient resources on information security budgets – not having the technology that’s needed to adequately address the enterprise,” Weiss says.

For those smaller organizations, Weiss says Health-ISAC’s advice centers on aspects that those organizations have control over. He says that includes training and awareness, toolkits that might be helpful and ensuring organizations have a backup regimen.

“If you look at all those recommendations, they tend to be sort of ‘How do you avoid becoming a ransomware victim?’” Weiss says. “And those are usually very effective.”

In this video interview, Weiss discusses:

  • What cybersecurity challenges healthcare institutions face;
  • How hospital boards view cybersecurity investments;
  • How Health-ISAC helps healthcare institutions improve.

Weiss was formerly an executive vice president with Citigroup’s IT risk and program management office. Further back, he was a senior network security analyst for the National Security Agency, responsible for conducting vulnerability analyses and penetrations of highly classified U.S. government computers and network systems.


