It's no surprise that cybersecurity is on the minds of hospital and health system executives as healthcare continues to see a rise in ransomware attacks. Howard Haile, chief information security officer at Denver-based SCL Health, is among those leaders.
For the past seven years as CISO, Mr. Haile has spearheaded strategic initiatives designed to keep confidential information safe at the health system.
Below, Mr. Haile shares his expertise on cybersecurity and offers insights on how hospitals and health systems can protect themselves from cyberattacks.
Editor's note: Responses have been lightly edited for clarity and length.
Question: What is the reason for the rise in cybersecurity incidents, specifically ransomware attacks at hospitals and health systems?
Howard Haile: The recent rise in cybersecurity attacks against healthcare is because the attacks have been effective, so the velocity of attacks is increasing. Ransomware attacks are financially motivated, so if an attacker can disrupt operations of a clinic or hospital then the victim is more likely to pay, which is the goal of the attacker.
Q: How do you prevent employees from falling for phishing attacks and other hacking scams?
HH: The best way to prevent employees from falling for phishing attacks or other scams is to prevent as much malicious email as possible from reaching the employees' mailbox. The next step is to train employees on how to spot phishing emails and run phishing exercises that gauge the effectiveness of training. Then retrain employees as necessary to reduce risk.
Companies should provide an easy way for employees to report possible phishing attacks, coupled with defined incident response procedures to rapidly respond to phishing attacks as they occur.
Q: Aside from phishing attacks and ransomware attacks, what other cybersecurity threats are you managing? Is there a cyberthreat hospitals should be aware of?
HH: You will see social engineering, phishing and ransomware continue to be prevalent, but these attacks are evolving. Phishing attacks launched from trusted sites such as Google or Microsoft using links buried in online services such as Google Docs or Microsoft Word are increasing. This makes blocking and detecting phishing attacks more difficult.
Attackers are also looking to move beyond phishing for ransomware and are exploiting remote access networks to deliver ransomware.
An increase in "island hopping," or exploiting third-party suppliers in an attempt to bypass a company's security defenses, is a growing risk point. The attacker's goal is to gain access to less secure partner networks, and then gain access by exploiting the connected network relationship between hospitals and their partners.
Password spraying attacks are also becoming more common. These attacks are an attempt to gain access to a hospital's network by exploiting weak remote access to healthcare networks or software-as-a-service providers.
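The password spraying pattern Mr. Haile describes has a recognizable signature in authentication logs: one source tries a small number of passwords against many different accounts, so each account sees only one or two failures while the source accumulates failures across many distinct usernames. The following detector is an added illustration written for this article, not code from SCL Health or from any product; the log line format, the field names, the IP addresses and usernames, and the thresholds (five distinct users within ten minutes) are all constructed assumptions that a defender would tune to their own remote access or SaaS provider logs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample authentication log (hypothetical format, not from a real product).
# Fields: ISO-8601 timestamp, source IP, username, result.
# 203.0.113.7 sprays one password across six accounts and lands on "frank".
# 198.51.100.4 hammers a single account (brute force, not spraying).
# 192.0.2.9 is an ordinary user who mistyped a password once.
SAMPLE_LOG = """\
2024-05-01T08:00:01Z src=203.0.113.7 user=alice result=FAIL
2024-05-01T08:00:03Z src=203.0.113.7 user=bob result=FAIL
2024-05-01T08:00:05Z src=203.0.113.7 user=carol result=FAIL
2024-05-01T08:00:07Z src=203.0.113.7 user=dave result=FAIL
2024-05-01T08:00:09Z src=203.0.113.7 user=erin result=FAIL
2024-05-01T08:00:11Z src=203.0.113.7 user=frank result=SUCCESS
2024-05-01T08:01:00Z src=198.51.100.4 user=grace result=FAIL
2024-05-01T08:01:02Z src=198.51.100.4 user=grace result=FAIL
2024-05-01T08:01:04Z src=198.51.100.4 user=grace result=FAIL
2024-05-01T08:01:06Z src=198.51.100.4 user=grace result=FAIL
2024-05-01T08:01:08Z src=198.51.100.4 user=grace result=FAIL
2024-05-01T08:01:10Z src=198.51.100.4 user=grace result=FAIL
2024-05-01T09:30:00Z src=192.0.2.9 user=heidi result=FAIL
2024-05-01T09:30:02Z src=192.0.2.9 user=heidi result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Parse the constructed log format into (timestamp, src, user, result) tuples, sorted by time."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the expected shape
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m["src"], m["user"], m["result"]))
    events.sort()
    return events


def detect_password_spray(events, window=timedelta(minutes=10), min_distinct_users=5):
    """Flag sources whose failed logins touch many distinct accounts inside one sliding window.

    A source that fails repeatedly against a single account is brute force, not spraying,
    and is deliberately left to a separate rule; spraying is identified by account breadth.
    """
    failures_by_src = defaultdict(list)
    successes_by_src = defaultdict(set)
    for ts, src, user, result in events:
        if result == "FAIL":
            failures_by_src[src].append((ts, user))
        elif result == "SUCCESS":
            successes_by_src[src].add(user)

    alerts = {}
    for src, fails in failures_by_src.items():
        sprayed_users = set()
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until the window fits the time budget.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            users_in_window = {u for _, u in fails[start:end + 1]}
            if len(users_in_window) >= min_distinct_users:
                sprayed_users |= users_in_window
        if sprayed_users:
            per_user_failures = defaultdict(int)
            for _, u in fails:
                per_user_failures[u] += 1
            alerts[src] = {
                "distinct_users": sorted(sprayed_users),
                # Accounts that later authenticated from the spraying source are the
                # first candidates for credential reset and session revocation.
                "successes": sorted(successes_by_src[src]),
                "max_failures_per_user": max(per_user_failures.values()),
            }
    return alerts


def analyze(text=SAMPLE_LOG):
    """Run the detector over a log text and return the alert dictionary keyed by source IP."""
    return detect_password_spray(parse_log(text))


if __name__ == "__main__":
    for src, info in analyze().items():
        print(f"possible password spray from {src}: "
              f"{len(info['distinct_users'])} accounts tried, "
              f"successful logins: {info['successes'] or 'none'}")
```

On the constructed sample only 203.0.113.7 is reported, with one success against "frank"; the single-account attacker and the legitimate user are left alone. In practice the window and user-count thresholds depend on how many users normally sit behind one egress address, and the `successes` list is the part a responder acts on first.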