Booker, a former CISO at UnitedHealth Group, says the attack also serves as a blaring reminder to healthcare organizations to “ensure you concentrate on the fundamentals and important security measures, like multifactor authentication, have them where you want them, which is everywhere, and have a way to know that what you’re doing is correct, have an assurance capability that shows your stuff is working.”
Calls for more healthcare organizations to tighten security
Authors of the HIMSS report also called for more to be done, for instance, writing that “while almost two-thirds of respondents indicated that their board of directors are regularly briefed regarding cybersecurity risk, this number needs to be higher. Ideally, more healthcare organizations will embark upon the proactive journey of regularly briefing their boards of directors.”
The authors also called out the need for more supply chain risk management: “Less than half of respondents (41.92%) to this survey indicated that their organization has established a cybersecurity supply chain risk management program. The remainder of respondents (58.08%) indicated that they either didn’t have such a program or were unsure. The risk of not having a strong cybersecurity supply chain management program is that there may be too much dependency on one vendor or supplier.”
And HIMSS officials advocated for healthcare entities to adopt the NIST Cybersecurity Framework Version 2.0 and the recently released US Department of Health and Human Services’ voluntary cybersecurity performance goals (CPGs).
Others agree that such moves need to happen, and happen fast.
Sen. Ron Wyden, a Democrat representing Oregon and one of many US lawmakers calling for more scrutiny of UHG in the aftermath of the attack, has criticized the slow pace of action. He has faulted the Biden administration’s timeline for putting healthcare cybersecurity rules in place, saying the year-end goal is too far out.
“Each new devastating hack hammers home the need for mandatory cybersecurity standards in the healthcare sector, particularly when it comes to the largest companies that tens of millions of patients rely upon for care and medicine,” Wyden says in a statement to CSO. “Without action, patients’ access to care and their private health information might be compromised and ransomed by hackers time and again.”
Weiss says healthcare security leaders and other sector executives received that message and they are working to learn lessons from the Change Healthcare incident and to implement more security measures to improve their own security posture and their own resilience.
Benjamin Luthy, program director of cybersecurity and an adjunct professor at Champlain College Online, says it’s a worthwhile exercise: “Everyone can learn a lesson; anyone who leads a security or information technology program can learn from this.”