Oct 14 2021

Q&A: Gary Gooden on How Healthcare Organizations Can Defend Against Evolving Threats

Cybersecurity attacks are becoming more sophisticated and frequent. In incident response planning, technology and training must come together to protect patient data.

The healthcare industry has experienced a historic increase in the number and severity of cyberattacks over the past two years. Attacks against healthcare organizations rose by 55 percent in 2020 compared with the previous year, according to cloud security firm Bitglass.

Gary Gooden, chief technology and security officer at Seattle Children’s, spoke with HealthTech about the growing threats and how healthcare organizations can mitigate risk through training and technology — key defensive strategies in incident response planning.

HEALTHTECH: Why is healthcare such an attractive target for cybercriminals?

GOODEN: Protected health information is coveted. It’s worth a lot of money on the dark web, even more than the traditional sources of predation such as credit cards, personal information and Social Security numbers. Health information has all of it and is very valuable to bad actors.

HEALTHTECH: What sort of threats are healthcare organizations facing? Can you give some examples?

GOODEN: I would say about 85 percent of all attacks against healthcare organizations are delivered through email as the primary vector. Most of that is some form of ransomware. There are also brute force attacks and drive-bys, where they stage attacks against the firewalls and external perimeter.

HEALTHTECH: We often hear that humans are the weakest link in cybersecurity. What is social engineering, and how are criminals using it to breach systems?

GOODEN: You have lures. Humans are curious. Bad actors are creative and always thinking of interesting ways to get credentials from you. They’ll have you click on a link or a file that will download something to your endpoint device. It’s all based on human curiosity. Social engineering feeds on that and creates lures in a way that makes them seem attractive or necessary to interact with.

HEALTHTECH: What can healthcare organizations do to assess their risk and identify vulnerabilities?

GOODEN: Every organization is different. The first thing you want to do is ensure you have the basic blocking and tackling technologies. Do you have firewalls? Do your email systems run through a gateway that filters threats? Are you looking at where attackers may be coming from and using threat hunting? If you have base components in place, you want to spend your time looking at the controls that are deficient.

HEALTHTECH: Why is organizational culture such an important component of cybersecurity?

GOODEN: Because of the social engineering component. It’s not just about senior executives; these lures can go to anyone who has active credentials. There are individuals who, by virtue of bad practices, become an internal threat to themselves. Cybersecurity starts with the end user, and education and awareness are essential. You can have the best technology and penetration testing in place, but staff simply becomes the vector in your attack chain without a situational awareness training program.

HEALTHTECH: What sort of cybersecurity do you have in place at Seattle Children’s?

GOODEN: We have next-generation firewalls and methods to look at traffic moving, anomaly behavior. We run 24/7 operations looking for any potential anomalies. We also have managed endpoint technologies that look for anomalies in the endpoints and infrastructure. We manage our emails coming in through the corporate email gateways. In addition, we have a physical security practice to ensure all cameras and medical devices are managed. It is a fairly comprehensive suite of things that occurs 24 hours a day, seven days a week, 365 days per year.

HEALTHTECH: How does a healthcare organization qualify the performance of its cybersecurity efforts?

GOODEN: There are a couple of different ways. You can run annual testing against your environment and have external audit groups that audit the effectiveness of the security controls. They can report on what they call governance, risk management and compliance (GRC) to consider the maturity of the security controls and how you score against that. That’s more for higher-level reporting, and you use that to establish the risk of your organization on a daily basis. 

HEALTHTECH: Why is it important for healthcare organizations to continually reassess their risk and evolve?

GOODEN: Advanced persistent threat groups are constantly innovating. They have an organizational structure, operate as for-profit businesses and are constantly attacking. It’s easier for them to attack than it is to defend. We regularly must ensure we are investing in the appropriate next-generation technologies, that we are constantly auditing and testing the controls we have in place, and that we know who is actually attacking us. Reinvestment is a constant theme. If you understand who is attacking you, you can put the controls in place and adapt them over time. They only have to get this right once. We have to get it right every single day, 100 percent of the time.
