The health care industry continues to be targeted by ransomware gangs, but there are efforts underway to help improve the health sector's information security resiliency.
There are many challenges, particularly for smaller organizations that may not have dedicated IT staff, says Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center, or Health-ISAC. The group is dedicated to sharing threat intelligence in the health sector.
"Ultimately, I think it does come down to lacking those sufficient resources on information security budgets - not having the technology that's needed to adequately address the enterprise," Weiss says.
For those smaller organizations, Weiss says Health-ISAC's advice centers on aspects that those organizations have control over. Weiss says that includes training and awareness, toolkits that might be helpful and ensuring organizations have a backup regimen.
"If you look at all those recommendations they tend to be sort of 'How do you avoid becoming a ransomware victim?," Weiss says. "And those are usually very effective."
In this video interview, Weiss discusses:
- What cybersecurity challenges health care institutions face;
- How hospital boards view cybersecurity investments;
- How Health-ISAC helps health care institutions improve.
Weiss is chief security officer with the Health Information Sharing and Analysis Center, or Health-ISAC. He was formerly an executive vice president with Citigroup's IT risk and program management office. Further back, he was a senior network security analyst for the National Security Agency, responsible for conducting vulnerability analyses and penetrations of highly classified U.S. Government computers and network systems.