Health-ISAC’s Errol Weiss shares his perspectives on the intensifying cyber dangers threatening health systems right now—and what senior leaders need to do
Mark Hagland, Jan. 23, 2024
Read the full Healthcare Innovation article in RAMA ON HEALTHCARE here:
And what are you looking at most intensively right now?
The top things we’re worried about are phishing attacks against organizations, and ransomware—and they’re closely related; those remain the top two, as they have been. And data breaches are still happening. We did an analysis looking at the HHS-OCR report on data breaches [encompassed in the report entitled “Healthcare Sector Cybersecurity: Introduction to the Strategy of the U.S. Department of Health and Human Services,” published in December 2023]. And there were 3,604 patient records breached every hour and reported to HHS, on average.
I have that number in my head, and when I do presentations, I bring up that number as representing the average number of breaches that will happen during the time of my presentation. That’s one of the key pieces of the puzzle. And number four will be third-party partner breaches. The security of partners remains a huge concern across healthcare. And the final broad concern is around social engineering.
Continue reading Errol Weiss’s answers to the questions below here:
When you look at the overall threat landscape facing the leaders of hospitals, medical groups, and health systems, what do you see right now?
What are the smartest patient care organization leaders doing right now?
Are your conversations different now from how they were a few years ago, with hospital and health system leaders?
Would you favor financial penalties? As you know, a controversy has erupted over HHS officials’ suggestion in December that the agency might ultimately impose financial penalties for lack of preparedness, and the American Hospital Association has spoken out forcefully against any such possibility.
In this moment, what would your advice be for patient organization leaders tasked with the responsibility for cybersecurity?