75% of health orgs live below cybersecurity poverty line
SAN FRANCISCO — After attending a meeting with the Health and Human Services Department and security experts, Kaiser Permanente Chief Technology Risk Officer George DeCesare came away with a startling realization.
“Seventy-five percent of the healthcare industry is below the cybersecurity poverty line,” DeCesare said at the HIMSS and Healthcare IT News Privacy & Security Forum on Thursday.
Here’s the rub: Unlike the federal poverty line based on household income, there is no clear definition of what the cybersecurity poverty line is. But DeCesare explained that it’s a matter of either investing enough to protect your patient data or not investing adequately.
It’s going to become more important than ever to remain above that poverty line in 2017, 2018 and the years ahead.
Kaiser, for its part, fends off more than 3 billion security events every day, including some 36 million unauthorized network attacks, DeCesare said.
He added that the top threats Kaiser is preparing for include: hackers, state sponsors such as Russia and China seeking not just healthcare information but intellectual property and organized crime using ransomware and other attacks types looking for money.
“Ransomware will move from just locking down computers to exfiltration,” DeCesare said. “IoT: We have seen vulnerabilities detected in medical devices — we’ll see more of that.”
DeCesare also pointed to emerging threats Kaiser is girding for including the dark web, ransomware-as-service and medical device vulnerabilities.
“Healthcare will continue to be highly targeted,” DeCesare said. “We’ll see ransomware continuing to evolve, ransomware will get a lot smarter.”