CyberMDX Panel of Healthcare CISOs Shed Light on Where to Focus our Cyber Awareness
New York, NY, October 28, 2021 — As part of their ongoing Cybersecurity Awareness Month efforts, CyberMDX, a leading healthcare cybersecurity provider delivering visibility and threat prevention for medical devices and clinical networks, hosted cybersecurity experts from across the healthcare spectrum to explore and analyze the challenges facing the modern healthcare organization.
CyberMDX’s recent Perspectives in Healthcare Security Report revealed that despite continuing cyber-attacks against healthcare organizations (i.e., roughly half of respondents experiencing an externally motivated shutdown in the 6 months prior to the survey), more than 60% of hospital IT teams have “other” spending priorities. Furthermore, less than 11% said cybersecurity is a high priority spend. With the growing connected device ecosystem and the rapidly evolving threat landscape, healthcare organizations must adapt to ensure the continued safety of their patients, devices, and data.
As part of the virtual event, CyberMDX hosted Anahi Santiago, CISO of ChristianaCare, John Weller, CISO of University of Michigan Health-West, and Errol Weiss, CSO of H-ISAC on a panel to discuss the major challenges healthcare organizations are facing today.
“The next concern that we’re seeing is that we have 50-80 different vendors with remote access 24/7 into these medical devices; hopefully it’s just theirs that they support, but we’ve seen cases where they (the vendors) have downloaded unauthorized software,” said John Weller, CISO at University of Michigan Health-West. “On our journey this is the next area we need to be focused on, keeping an eye on these remote vendor capabilities.”
Speaking on the topic of cyber awareness within the healthcare industry, Errol Weiss, Chief Security Officer at H-ISAC stated that, “Unfortunately the bad guys have done a tremendous job helping us to raise awareness. We’re hearing about data breaches every day in the news cycle, and there’s news stories about this impacting organizations in every critical infrastructure sector, not just healthcare.” He continued to suggest that beyond simply raising awareness, “We, as CISOs, need to do a better job of bringing the issue to our boardrooms and quantifying the risk in terms of dollars.”
Other topics discussed on the panel include the rapid transition from traditionally offline devices to fully connected fleets of medical IoT devices as well as, remote connectivity, organizational awareness regarding ransomware, and the dangers of third-party and supply chain vulnerabilities.