HEALTHCARE SECURITY FORUM: A HIMSS EVENT
Boston, MA - September 11 - 13, 2017
By Michael Figueroa, CISSP
Michael Figueroa, CISSP, serves as Executive Director of the Advanced Cyber Security Center (ACSC) in Boston. Figueroa, a featured speaker at the Healthcare Security Forum on Sept. 12, shared his insights about the current state of cybersecurity in the health sector.
Get involved. Join us for our #HITsecurity Twitter chat on Aug. 24, 2 p.m. Central Time to discuss your cybersecurity insights and connect with other industry experts.
Security is a team sport best played collectively. Unlike other specialties that generally remain static over time and require only periodic enrichment to maintain expertise, security is a dynamic, constantly changing space that demands sustained attention. When organizations practice security in isolation, they rely on themselves to assume responsibility for all of the necessary care-and-feeding. However, unless security is a primary objective, more direct business concerns take priority. In the health sector, organizations will always rightly prioritize patient care over cyber protection.
As a leading federally registered regional Information Sharing and Analysis Organization (ISAO), the ACSC serves as a security community hub that encourages cross-sector collaboration so organizations can share effective security practices with each other to better distribute the load. Our mission bases on the premise that by enabling organizations to collectively address common problems and reduce duplicative effort, we can deepen the capacity of the broader cyber community and establish a new baseline for security.
Consequently, what we promote is the awareness that cybersecurity is a constantly moving target and healthcare organizations can benefit from a more collaborative approach. Not only can they learn from other healthcare organizations that share their mission priorities, they can also benefit from the effective practices employed by other organizations outside their sector. This includes those organizations that operate at the forefront of technology and often must experiment with new approaches before organizations in more conservative or regulated market spaces.
The key for health sector organizations is to maintain open communications with their peers to build a stronger community defense. As security resources are limited in each individual organization, a community banded together works better to collectively assess the damage potential of large-scale cyber-attacks and enhance proactive responses to prominent threats. When one organization does suffer damage, leveraging a trustworthy collaborative response will not only improve the community’s ability to maintain access to critical services, it will greatly increase the cost to the attacker against conducting additional attacks on others in the community.
At the ACSC, cyber defenders at our member organizations routinely share their responses to attacks they have seen from large scale, state-sponsored attacks, often detailing their response processes and outcomes. In one case, an organization facing a significant Advanced Persistent Threat (APT) realized that the initial response had succeeded in pushing the attacker in blind spots on their network. Working with cyber defenders from another ACSC member, the organization quickly implemented a new response strategy that finally rooted out the attacker.
Cybersecurity works best as a team sport. When attacks happen, organizations that work together will ultimately develop stronger defenses against adversaries and shift the advantage back in favor of the cyber defenders versus the attackers.Find out how other industry leaders are creating proactive cybersecurity cultures at the Healthcare Security Forum in September.