Healthcare organizations are increasingly concerned about ransomware attacks, which are the most significant threat to hospitals and healthcare facilities. Nate Lesser, CISO of Children’s National Hospital, emphasized the importance of cybersecurity as a team sport and advised healthcare organizations to work within their existing incident response mechanisms to create a cyber incident protocol involving all employees. Lesser also highlighted the importance of getting executive leadership support when launching an organization-wide cyber response protocol and exercising the protocol to ensure its effectiveness.
The 2023 HIMSS Global Health Conference & Exhibition held in Chicago highlighted the cybersecurity concerns of healthcare organizations. Ransomware is the threat that should worry them most, because it has started to pose a serious danger to hospitals and other healthcare facilities all over the world. According to Nate Lesser, vice president and chief information security officer of Children’s National Hospital, 76% of healthcare institutions pay ransoms, which is how the attacks are funded.
Lesser emphasized that there is a shortage of information security talent, and that even if budgets and reimbursements were higher, there would not be enough talent to go around. To make matters worse, cyber attackers are now using artificial intelligence to launch highly sophisticated social engineering phishing attacks, making them harder to protect against.
Lesser emphasized the importance of cybersecurity as a team sport. To mitigate the risk of cyberattacks, organizations must work within their existing incident response mechanisms to create and practice a cyber incident protocol that involves all employees. At Children’s National Hospital, all the hospital’s employees are considered “force multipliers.” When a “code dark” is called, all employees know they have to act quickly to reduce “the blast radius.”
To help contain the attack and improve the speed of recovery after a cyberattack, employees are asked to take the following steps:
- Disconnect workstations and internet-connected devices.
- Await instructions from the IT department before reconnecting computers.
- Report to managers for specific downtime actions.
- Know and follow emergency policies and procedures.
Lesser noted that it is critical to get executive leadership support when launching an organization-wide cyber response protocol and to partner with device owners, like radiology departments. However, for the protocol to be effective, employees need to exercise the steps, develop department policies, have downtime procedures in place, train on downtime procedures, and exercise all the steps again.
Exercise is critical to operationalizing “code dark” because employees need to learn how to recalibrate for downtime procedures. They cannot print downtime sheets when printers are offline or access controlled medication if they do not know where the key is to switch the automated medication dispensing system to downtime mode.
To present cyber response protocols to individual teams and departments throughout the organization, Lesser advised going to meetings that are already happening. He also noted that calling and timing a “code dark” is a “fine line” the hospital is still trying to figure out. “But I am sure that by having this conversation with your staff, by doing so, you automatically increase your odds.”