HEALTHTECH: How has the pandemic put more focus on healthcare security?
WARE: One of the things about CISA that’s unique is that we are designed to protect critical infrastructure broadly. It’s in our DNA to think about what kinds of critical infrastructure would be affected if there were, say, a big earthquake and then deliver services to that region.
In the same way, very early on in the February time frame as we were watching the pandemic, which was largely overseas at that time, we started to ask ourselves, “Well, what’s going to be impacted in the United States as this pandemic emerges?”
So, we started a program called Project Taken in March to address the risks of any kind of disruption of the COVID response. Not just for healthcare, but also for certain parts of the supply chain, such as PPE, medical devices and lab companies that do testing.
And then, as we went into May and June, that focus also included — and is now our primary focus — the vaccine manufacturers, the anti-viral manufacturers, those that are going to be responsible for getting us a vaccine for COVID.
HEALTHTECH: Where do the biggest risks come from in healthcare?
WARE: The healthcare sector has the same risks as every other sector. All of a sudden, we’re doing so many more things online, remotely and via telework. All of those teleworking vulnerabilities apply to them just like they do to us, and maybe more so in the sense of telemedicine.
Second, ransomware could impact critical health and hospital care. From 2017 to 2019, half of all ransomware attacks were in the healthcare sector. When lives are on the line and timing is critical, from the perspective of a malicious criminal actor, that’s someone who’s more likely to pay the ransom.