Premier’s chief information security officer identifies the organizations most at risk, and how best to safeguard against future attacks
Repertoire Magazine – August 2021
If you think your news feed has been inundated with cyberattack stories over the last few months to a year, you’re not wrong.
Ben Schwering, chief information security officer (CISO) for Premier Inc., says the United States has definitely seen an uptick in cyberattacks attempting to infiltrate or compromise healthcare organizations during the pandemic.
Threat actors are looking to take advantage of the overall state of unrest. Many healthcare organizations were stretched thin and operating under extreme circumstances, and thus more susceptible to things like phishing attempts. “Threat actors were using the pandemic as an opportunity to say, ‘Hey, we have an entire industry that’s under duress, they may not be as vigilant as they would be under normal circumstances, let’s see if we can take advantage of that,’” Schwering said.
The general state of urgency around all things related to COVID added to the vulnerability. “If you had a well-constructed phishing attempt, or well-constructed malicious website, just given the overall sense of urgency, and in some cases panic, it was more enticing and more likely that a person may click on one of those links.”
The supply chain was particularly vulnerable as teams scrambled to source product from alternate vendors. Organizations involved in the research, logistics, and distribution of the COVID vaccine also faced increased attacks. “The threat actors know that if they can compromise you at any leg of that supply chain, that you’re going to be more apt to pay the ransom because you’re in a state of emergency dealing with the pandemic,” said Schwering. “And ultimately, that’s their goal.”
The attacks can cause many different types of disruptions, including disruptions to patient care. For instance, some hospitals have had to turn away patients from emergency departments because their IT infrastructure was compromised and they couldn’t access health records. While those are extreme cases, hospitals could also find themselves unable to admit patients, schedule procedures, or reschedule surgeries because systems are down.
The best safeguards involve sticking to the basics of cybersecurity, Schwering said. “There are a lot of good frameworks out there,” he said. Having a strong Incident Response Program, knowing how you would react if an event occurred, is important. And if your organization was compromised, understanding what your processes and procedures are to get back up and running quickly is critical.
From a more tactical perspective, multifactor authentication, network segmentation, vulnerability management, strong malware protection, and strong email protection have been essential building blocks for IT. “The most successful organizations have layers of automation on top of those traditional protections,” Schwering said. For instance, if a malicious email gets through but is recognized, automated action can immediately isolate the infected machine that received the email. Having that layer of automation increases the speed with which you can respond to an incident. “And when it comes to incidents like ransomware, or malware, that speed, sometimes a few seconds, matters. Plus, you’re not relying on a human being there at 3 a.m. If you have those strong processes, procedures and automation in place to react, your chances of successfully fighting off an attack are greatly increased.”