‘The more connected devices you have, the more attack opportunities there are for hackers’
BOSTON – With cybersecurity attacks on the rise, health systems need to prepare their medical devices, data and operating systems, Leo Scanlan told attendees of the 9th annual mHealth+Telehealth World Congress in Boston on Monday.
With memories of the recent WannaCry and Petya ransomware attacks still fresh, the message was loud and clear from Scanlan, the deputy chief information security officer and senior cybersecurity advisor for healthcare cybersecurity in the Office of Information Security, Office of the Chief Information Officer, for the U.S. Department of Health and Human Services.
“The question is not if you will be attacked,” he said. “The question is when you will be attacked and how.”
Scanlan warned that cybersecurity attacks can come from all fronts, including connected devices and the Internet of Things. Hackers are not only seeking information like names, addresses and Social Security numbers—in some countries, chest X-rays are a valuable commodity because they are often needed to obtain a work visa, he said.
“The more connected devices you have, the more attack opportunities there are for hackers,” he said. “The convenience must be weighed against higher risks and vulnerabilities.”
HHS fielded about 9,000 managed cybersecurity issues in the health care sector last year, with 63% more successful attacks than the previous year, Scanlan said. While $12.6 billion was spent on IT in health care in 2016, cybersecurity in the industry is still lacking, he said.
“HHS is trying to make a major leap over that problem,” he said.
Case in point: The Cybersecurity Information Sharing Act has tasked HHS with establishing a common set of voluntary, consensus-based and industry-led security practices to help health care organizations cost-effectively reduce their cybersecurity risks, Scanlan said.
“Congress recognizes the scope of this problem,” he said. “We’re looking to create public and private partnerships, and trying to build a crowdsourcing model.”