Speaking at the American Hospital Association’s annual membership meeting, FBI Director James Comey said that one of the key approaches the bureau is taking to improve its responses to cybersecurity threats is to build stronger relationships with “private community entities,” according to an article posted on the FierceHealthcare website. Hospital executive teams that don’t know at least one person at the FBI’s local field office are “failing, and we’re failing,” he said.
Comey urged hospitals to let go of the potential fears that can come from enlisting the help of the FBI. For example, the bureau has no interest in private medical information and data, he said, and any internal information will not be used against a provider. Instead, groups harmed in a cyberattack will be treated like victims of a crime.
Health care organizations are major targets for cybercriminals, Comey said, because the sensitive data they collect can be sold at a high price for use in fraud and identity theft. Medical devices are also increasingly becoming a target.
He identified three areas that providers should consider as they develop plans to avoid or mitigate cyber threats:
1. The “weak link” in cyberattacks is people, according to Comey. Therefore, providers must develop a culture of security in their organizations. This includes training staff to recognize and prevent cybercrimes, and it may require a second look at who has high-level access to a hospital’s database. The more avenues there are into the highest levels of security, the easier they are to breach, he said.
2. Providers should also address vulnerabilities in their technology by updating and patching systems regularly to prevent intrusion, Comey said. Regular system tests can also help flag vulnerabilities before a hacker can get in.
3. A business continuity plan can prevent downtime and help providers avoid having to pay in the case of a ransomware attack, he pointed out. Real-time data backups can ease the pain of such an attack, as they allow an organization to continue work without having to give in to a hacker’s demands.
Source: FierceHealthcare; May 8, 2017.