The healthcare industry is a primary goal of organized attacks, as has been shown near everyday for the past decade-plus. From the boardroom to the circumstance space, exam rooms, and operational back rooms, the importance of contingency planning has been suddenly recognized. One of the biggest problems facing the health system is that its chief information security officers are at the forefront of providing persistent treatment in the face of frequent attempts at network intrusions and complete system closures. The CISO’s work description has been continuously evolving over the past few years, much like the CIO’s position, as ransomware attacks have become more popular. ” It had started as ‘ data security’ or ‘ information security,’ with a large emphasis on ensuring the security, accuracy or integrity and availability of the data”, explains Erik Decker, CISO at Intermountain Health. Bad actors have now created markets where data, entry, and privileges can be purchased and sold, thereby attracting organized crime to the modern ecosystem, compelled CISOs to adopt the adversary strategy, despite the statement that “data was always at the center of the conversation.” In the age of malware, bargaining with hackers is equivalent to fight. At the approaching HIMSS 2024 Healthcare Cybersecurity Forum, scheduled for October 31 through November 1, in Washington, D.C., Decker did moderate a screen on personal responsibility, budgetary constraints, and difficult company climates. Reconsidering response to intrusionsSmash-and-grab achievements will probably continue to vex medical systems, according to Darren Lacey, CISO at Johns Hopkins University and John Hopkins Medicine for more than 18 years. ” It’s not hard to take a calculator, and a calculator could have 100, 000 labels on it”, he noted. Lacey, who did add Decker, Kate Pierce, top Virtual CISO and senior director of government affairs at Fortified Health Security, and Dee Young, CISO at UNC Healthcare, for the discussion, said the greater challenge is system-halting attacks– like the Change Healthcare ransomware attack in February that damaged healthcare operations global for months. Some lawmakers this year want to see more effort to stop crippling disturbance in the crucial sector because of the magnitude of that attack. Governments and industry will continue to work harder to stop these attacks, which will presumably include a boost for the needs-based organizations as well as enforcing maximum cybersecurity standards in healthcare, according to Decker. Lacey said he thinks that the reaction of healthcare systems in particular does make things worse in some situations. He said,” I think we need to start reevaluating how we conduct systems trust.” The usual response to program intrusion is that” all conflict” is assumed, explained Lacey. ” Assuming breach, we plan as if violation is a tornado”. However, in that posture,” we do n’t actually assume breach”, the industry veteran said. What wellness IT team assume is that a computer or account has been compromised somewhere in the community, and no devices on the system can be trusted and must be shut down. ” So the blast radius, even though the attack may be fairly low, is huge”, said Lacey. It’s understandable because what we’ve done over the past 20 years is consolidate administrative credentials into a much smaller number that makes them more secure. However, we need to develop strategies to reduce the risk of self-imposed blast radius and increase its resilience over the current model.” We think about cybersecurity events as these extraordinary events – a comet hit us, a tornado,” he said. However,” the tornadoes flying through the data center are much more common than people believe.” Reduced downstream damageLacey suggested that organizations begin tabletop “assuming breach” to reduce “downstream damage.” ” It may be how we set up administrative accounts”, he said. His point is that changing the way trust is managed may preserve resilience and ensure better care continuity, in his opinion.” It may be how we do logging, it may be how we do risk analysis, and it may be a recalibration of our risk analysis.” ” We’d devise different strategies if our main goal was to preserve resilience”, he said. ” How many systems at Change Healthcare were actually compromised”? Lacey asked rhetorically. The number of systems affected by that attack, which had a significant impact on healthcare operations across the country, was not excessive, he explained. It was the complex web of dependencies between administrative accounts. Lacey remarked,” It became very challenging to unpack the entire thing and figure it out.” If it’s impossible to have any idea about how the adversary is behaving at the time of data transactions, then shutting down systems broadly probably makes sense, Lacey acknowledged, but understanding data integrity at the time of an attack could help improve healthcare’s resilience. The likelihood that the integrity of the data has been compromised is unclear in an attack, Lacey said, though it may put the patient at risk of a bad medical outcome at the time of the encounter. ” If you had a better understanding, what]incident response ] behaviors might then be appropriate”? It’s really about the data’s integrity, he said, and it’s not difficult to imagine how one could trace back that information so confidently that they can be 99.99 % certain that it has n’t been altered. Artificial intelligence’s role in the cyber-warfare of healthcare ” AI will be used both offensively and defensively, it is yet to be determined which side will have the advantage”, said Decker. Which group will have the advantage is split, Lacey said. At what he called” the first level,” where there is a cribbed understanding of cybersecurity, healthcare cybersecurity teams will be better off than the attackers. Because our data will be able to understand more complex relationships of data than they would otherwise, he said,” It gives us more tooling than it gives them.” But AI technology means” we’re going to be buried in disinformation”, he said, putting CISOs in the business of disinformation prevention. We are “in no way prepared for” those risks in the current state of cybersecurity, he said. Andrea Fox is the publisher of Healthcare IT News. Email: afox@himss .org Healthcare IT News is a HIMSS Media publication. The HIMSS Healthcare Cybersecurity Forum is scheduled to take place October 31-November 1 in Washington, D. C. Learn more and register.