Share and earn Cybytes
Facebook Twitter Google+ LinkedIn Email

If you asked someone with 20 years of healthcare security to name the top challenges facing the industry today, what do you think they’d say?

Would they cite the latest vulnerability? Lament the lack of user education? Decry the portfolio of complicated tools firing noising alerts?

Perhaps, but there’s one challenge that’s common to all of these and it’s financial. That’s according to Steve Swansbrough, who has 22 years in the field and most recently focused on protecting the network of a Fortune 10 healthcare company.

We recently had the good fortune of hosting Steve for a webinar addressing cybersecurity challenges in healthcare, including intrusion detection. The webinar was such a success, that we asked him to sit down with us for an interview to dive into some of the points of interest to the community.

Read on to learn Steve’s compelling take on the state of cybersecurity in healthcare.

1) How would you characterize the state of cybersecurity in healthcare? 

SS: The state of cybersecurity today in healthcare is somewhere in the middle and has room for improvement. It’s not getting better yet, it could potentially get worse. If the industry has a new ransomware type of attack, or Meltdown/Spectre type vulnerability, things could go south quickly.

In healthcare security, the critical tasks are protecting personally identifiable information (PII), protected health information (PHI), and ensuring we have proper visibility of, and options to mitigate, emerging threats.

It’s not just zero-day threats we’re worried about because ransomware is a big concern. It’s been about two years since Hollywood Presbyterian Medical Center paid the first ransom to release data that was locked up. This sparked a flood of bad actors going after some of the easier targets in the healthcare industry.

It used to be that no one paid attention to healthcare – there was no point. However, with the advent of Bitcoin, and the fact that healthcare is a soft target, especially hospitals, this is growing and poised to grow more.

2) Why are hospitals such soft cyber targets?

SS: It’s because hospital budgets do not have line items for security products. Hospitals are in the business of healing people and saving lives, and most of their budget goes to those resources: doctors, nurses and technicians – and often expensive multimillion-dollar medical devices they need to do their important work.

As such, they don’t have a lot of money to shift towards security. In many cases, they don’t have the right technical talent to do some of the basics, like segmenting their core protected patient data or medical systems from general internet access.

Like many businesses, hospitals offer free guest Wi-Fi as a service to their patients, and then they quickly discover the risk of not segmenting or securing guest and internal wireless networks. Anybody that knows what they’re doing could possibly leverage this as a way into the more critical infrastructure or the network environment at that hospital.

To read the entire interview, please click here.

Share this post and earn Cybytes
Facebook Twitter Google+ LinkedIn Email
About Bricata
Bricata is a cybersecurity solutions provider that combines a powerful network threat hunting platform into a comprehensive threat detection and prevention solution to help determine the true scope and severity threats. Bricata simplifies network threat hunting by identifying hidden threats using specifically designed hunting workflows that use detailed metadata provided clearly and eases your transition from the known to unknown malicious activities in conjunction with an advanced threat detection and prevention platform which detects zero-day malware conviction.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?