Past cyberattacks offer clues to future threats HIT execs may face
Recent cybersecurity attacks—how they were executed or thwarted—can provide solid guidance on how to blunt future attacks.
Healthcare organizations must understand past cyberattacks to gain knowledge that enables them to move nimbly with tomorrow’s threats, says Ron Mehring, chief information security officer and vice president of technology and security at Texas Health Resources.
During an educational session at HIMSS19, Mehring advised attendees to examine how hackers mounted recent attacks elsewhere.
There is no time to wait: providers must recognize that regulatory pressure is ramping up as the HHS Office for Civil Rights continues to want to see better data security processes and measures across the industry. This will require providers to focus on improving regulatory compliance, security, privacy and safety, including compliance with local and state privacy laws.
That’s why healthcare stakeholders need to get the security guidance from the Food and Drug Administration, Mehring urged session attendees.
Stakeholders also should get the guidance, “Safeguarding Health Information: Building Assurance through HIPAA Security,” from the National Institute of Standards and Technology, or NIST. Mehring also recommended guidance from the Food and Drug Administration.
When considering implementation of network-enabled devices, don’t look at a device as a single thing, but at how that device can interact with other devices to mitigate enterprise harm, he advised. Make sure controls account for protection across the system.
Above all, avoid malaise, he emphasized. “Follow the Marine Corps approach to war and automating processes. The quicker we react to observe the incident, and to automate observations is key because people are slow. The closer we get to automation and controls testing the better we’ll have a handle on this.”