Information sharing

CISA Official: Health Care Sector Must Improve Cybersecurity Information Sharing Capabilities

Lauren Boas Hayes, senior adviser for technology and innovation at the Cybersecurity and Infrastructure Security Agency, said health care organizations must have better communication and threat sharing capabilities with the agency to improve the sector’s cyber posture.

Speaking at the 2022 ViVE event, Boas Hayes said investing in cybersecurity for the health care system is imperative because it is a critical service that remains a top target for ransomware and cyber threat groups. Citing an updated CISA alert, she shared that the Conti ransomware has targeted over 400 health care and first response organizations worldwide.

The senior adviser said critical services must always be on high alert in times of tension. She pointed out that sharing information with CISA will give organizations a better chance at protecting patient safety and health care infrastructure, SC Media reported.

According to Boas Hayes, cybersecurity should not be an area where budgets are cut. She explained that maintaining a healthy cyber posture could be the difference between segregated cyber infections and full-on system damage that could shut down operations for long periods of time.

The senior adviser shared that cybersecurity investments should be directed toward end-of-life device reliance, vulnerability management, multifactor authentication and password hygiene. She also argued that investments should also be aimed at vulnerability management in light of the issues brought about by the expansion of internet-connected devices, remote operations and medical electronics.

Boas Hayes also told health care operators that CISA has a list of vulnerabilities that they can look at to avoid potential damages. The agency also offers no-cost vulnerability scanning services for critical infrastructure entities, she shared.