Cybersecurity experts from Federal, state, and local governments agree that in wake of increased cyberattacks during the COVID-19 pandemic, it’s increasingly important to protect healthcare data through an elevated cybersecurity posture.
During FedInsider’s CyberRx: Securing Healthcare Data on June 24, experts shared how the pandemic had changed their organization’s cybersecurity controls and the future of protecting healthcare data.
Ricardo Blanco, CIO and deputy executive commissioner of IT at Texas Health and Human Services (HHS) said during the pandemic, his agency saw an increased number of cyberattacks and had to reassess its cyber capabilities to keep healthcare data safe.
“HHS faced prior to COVID, roughly 90 million attempted cyberattacks annually. During the COVID 19 pandemic, that increased to 532 million attempted cyberattacks annually,” Blanco said. “So, one of the things we did is we brought in a third party to assess our capabilities to thwart ransomware attacks. We increased our communication within users and strategies to keep agency systems and data safe. We established a dedicated cyber threat intel program to minimize the attack surfaces.”
Healthcare data was the “goldmine” to make informed decisions throughout the pandemic, according to Gerald Caron III, CIO and assistant inspector general for IT at the U.S. Dept. of Health and Human Services, Office of the Inspector General. But in turn, it’s also a goldmine to hackers, which is why security is key to protecting such data.
“Data is making informed decisions,” Caron said. “The integrity of that data is very important to make those informed decisions. You got to believe in that data, you got to understand that data, and I think it’s really helping the Federal government, not just our agency, in making the right decisions going forward and understanding what’s happening, especially during the pandemic.”
“It’s just becoming utterly important, but as a result of course there’s the security aspect of it now that you’re bringing all this data together and it is your goldmine,” he added. “You got to be able to protect it.”
Private- and public-sector collaboration will be critical in developing software with increased security, according to Joseph Ronzio, deputy chief health technology officer at the Veterans Health Administration.
“We couldn’t do what we want without the vendors and the collaborations we have,” Ronzio said. “Other government agencies – everyone needs to work closely. The vendor teams, as you’re developing stuff or looking at stuff, start with the end in mind and the security that you’re going to need up front. I keep pointing to, if you meet the highest levels of security in the United States for U.S. government operations, you actually meet almost every security requirement worldwide. It starts with the basics. So, if you’re going to market to the U.S., do the highest level possible, and then come back from there – especially if you’re in healthcare right now.”