News | Published: Thursday, October 17, 2024 6:50 pm
Join us in Denver (or virtually!) on Saturday, Oct. 19 at 8:45 a.m. MT in Colorado Ballroom A for "Securing Health Systems: Preparing for a Cybersecurity Breach."
At CV Transforum Fall’24 in Denver, Andy Tomaszewski, director of consulting with a focus on strategic cybersecurity and security program transformation at Google, shared his perspective from over 30 years of business and elite IT leadership to inform cardiovascular care leaders about how to prepare their systems for ransomware attacks.
"2024 has been a very, very tough year for cybersecurity in healthcare," Tomaszewski stated, underscoring the unpredictability of ransomware incidents. “These are crises that organizations often don’t plan for, and once they experience them, the usual protocols can go out the window.”
Tomaszewski detailed the evolving nature of threat actors and their strategies. He noted that dwell times – the period a threat actor can remain undetected in a system – are decreasing. “As detection capabilities improve, attackers are adjusting their tactics and acting much faster,” he explained. The financial implications of cyber breaches are staggering, with the average cost of a data breach in healthcare exceeding $9.77 million.
Tomaszewski encouraged attendees to establish clear policies for managing aging systems and to document their "crown jewels" – the most critical data assets – as a preventive measure. For the healthcare industry, establishing end-of-life/end-of-support policies aligned to technical debt risk tolerance saves time and reduces downtime during a ransomware attack. Tomaszewski stressed the need for routine executive and technical tabletop exercises to ensure organizations can respond swiftly to incidents. “Companies that conduct regular drills can significantly lower the impact of real-world incidents,” he stated.
Additionally, he highlighted third-party vendor management as the most important area for preventive measures in the healthcare field. “Healthcare organizations often rely on numerous partners. It’s vital to have attestation letters in place before an incident occurs,” he said, urging leaders to scrutinize contracts with vendors to ensure they can provide support during crises.
As the session concluded, Tomaszewski expressed hope for the future of healthcare cybersecurity, emphasizing the role of ongoing education and preparedness. “By fostering a culture of security awareness and proactive planning, we can better protect our healthcare systems and ultimately, our patients,” he said. The session served as a crucial reminder that in an era of increasing cyber threats, healthcare leaders must remain vigilant, informed and prepared to safeguard their organizations against potential threats.