Cybersecurity dominated healthcare news in 2022; high-profile data breaches and cyberattacks showed that healthcare organizations' cybersecurity postures are increasingly tied to their financial bottom line.
Becker's received responses from five chief information security officers on the top trend in healthcare cybersecurity in 2022.
Editor's note: Responses have been lightly edited for clarity.
Jack Kufahl. Chief Information Security Officer of Michigan Medicine (Ann Arbor): I am tempted to say that it was "zero trust washing," wherein many vendors started overhyping the context and potential value of the concept, but were perhaps overapplying it to their product and service portfolio. At least for me, it quickly became a dog whistle for sales or, in some cases, an outright junk filter key term. As available cash for cybersecurity expenditures in the sector is tightening, vendors should consider ways of engaging and learning about individual companies' or institutions' actual problems they are prioritizing instead of assuming what you have is what you need. We need vendor partners, not pariahs.
Steven Ramirez. CISO of Renown Health (Reno, Nev.): Ransomware was on all organizations' radar in 2022. Ransomware gangs were able to exploit healthcare security deficiencies successfully in large numbers. We are also seeing the trend toward data destruction versus ransomware. Instead of just ransomware, groups are moving to data destruction as it ensures that the actor maintains the only copy of the victim's files post-intrusion, eliminating any chance of data recovery without payment due to the bad luck of being an affiliate to a flawed ransomware-as-a-service. This all relates to healthcare cyber hygiene as a whole. We need to focus better on security fundamentals with early detection, access controls, defensive mechanisms and utilize emerging technologies like deception and artificial intelligence. Our hygiene and preparedness levels are all closely related to the compounding trends of zero-trust and segmentation.
Shefali Mookencherry. CISO of Edward-Elmhurst Health (Warrenville, Ill.): Breaches and ransomware attacks continued to dominate in 2022, although we did see more federal legislation to protect patient privacy and security.
Mauricio Angée. CISO of University of Miami Health System:
- Phishing attacks increased in 2022
- Ransomware
- Zero-Day attacks
- Attacks against IoT/medical devices
- Stage attacks
- Supply chain attacks
Erik Decker. CISO of Intermountain Healthcare (Salt Lake City):
Criminal organizations continue to double down their attacks against healthcare organizations, causing disruption and extorting their operations for profit. The good news is there has been amazing momentum in the critical infrastructure partnership between the United States government and the health and public health industry.