April 16, 2020: Healthcare systems have always been major targets for cybercriminals but the risk of threats has become more serious than ever since the pandemic. In this field report, we speak with Vugar Zeynalov, CISO of Cleveland Clinic to hear more about what he and his teams are doing to support the rapid increase of virtual communications between patients and providers from a privacy and security perspective. Vugar fills us in on how cybercriminals are exploiting the situation by luring people into payment schemes through texts and emails with fake news content. He talks about how the Cleveland Clinic is combatting this by providing a reliable feed of trustworthy and secure information via Twitter. We also hear about the scaling in telehealth and remote work everybody has been talking so much about, but this time from the perspective of security. Vugar describes all the efforts he and his multidisciplinary teams have been making to keep privacy top of mind even in light of the HHS decision to postpone the enforcement of privacy standards that were in place before the crisis. We wrap things up hearing a few best practice recommendations from Vugar about the new roles security technicians are having to play at present, and he weighs in strongly on the value of collaboration and skill swapping. Tune in for another informative field report, this time on the theme of security and privacy in the crisis.
Key Points From This Episode:
- Notes on the scope, culture, and current situation at Cleveland Clinic.
- Vugar’s career-changing experience working at such a high-level caregiving institution.
- How Vugar is supporting the great staff at Cleveland from a security IT perspective.
- What Vugar is seeing regarding threat activity during the pandemic.
- How criminals are using COVID-themed messaging leading people into payment funnels.
- What the schemes are exploiting: curiosity, tired providers, and changing health systems.
- The trustworthy information Cleveland is curating on Twitter to put a stop to crimes.
- Debunking myths that cybercriminals are choosing not to attack health providers.
- The rapid scaling of virtual visits and how cybersecurity is being woven into that.
- Perspectives on HHS postponing the enforcement of privacy settings.
- Cleveland Clinic’s use of a multidisciplinary cybersecurity team.
- Best practices and recommendations for software and tools for remote work and Telehealth.
- Integrating communication service providers into the heavily regulated healthcare space.
- Three security measures that communication providers have to implement.
- New duties security professionals have since the crisis: securing platforms and collaborating.