Can your health system CEO say “we did everything we could to ensure the continuity of care in our community in the event of a ransomware attack.”?
If not, maybe it’s time to escalate this to the top STRATEGIC priority for the health system. It is after all a patient safety issue and a civic responsibility issue.
UF Health Central Florida has suffered a reported ransomware attack that forced two hospitals to shut down portions of their IT network.
Reuters also reported today that ransomware attacks will now be given similar priority as terrorism by the US government due to their ability to disrupt critical services and the financial impact on US interests.
Another day another ransomware attack, another health system on pen and paper. The frequency and severity of these attacks requires the full resources of the health system be focused on this today. But that may just be my opinion.
Do they in health? It, this story is another hospital. So comes to ransomware and actually a second story. DOJ gives ransomware similar priority to terrorism. My name is bill Russell. I’m a former CIO for a 16 hospital system and creator of this week in health. It a channel dedicated to keeping health it staff current and engaged.
Today, the sponsor is health lyrics. Health lyrics is my company. I provide executive coaching advisory services and board participation to health leaders around technology. And it, if you want to learn more, check out health lyrics.com. All right. Two stories. As I said, first one U F health, Florida has taken two of their four hospitals to pen and paper effectively offline, due to suspicious activity. Let me give you some of the details around that one. We’ll hit this one real quick.
, this is from bleeping computer. You have health, the villages hospital, and you have health Leesburg hospital suffered cyber attack, preventing access to computer systems and email. In a statement shared with bleeping computer.
You have health states that you have health central Florida detected unusual activity and shut down portions of their network to prevent further risks to their organization. He goes on to talk about, you know, abundance of caution. They have some other hospitals, they don’t want to spread this to, and those kinds of things.
And then they go on towards the end. And this is what sort of. Peaks my interest. Reuters also reported today that ransomware attacks will now be given similar priority as terrorism.
By the us government due to their ability to disrupt critical services and the financial impact on us interests, which takes us to the second story, which is. An exclusive from Reuters. I love that big exclusive and capital letters us to give ransomware hacks similar priority as terrorism. Let me tell you what this is about the us department of justice.
Is elevating investigations on ransomware attacks to a similar priority as terrorism in the wake of the colonial pipeline hack and mounting damage caused by cyber criminals. A senior department official told Reuters. Internal guidance sent on Thursday to us attorneys offices across the country. Send information about ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington.
It’s a specialized process to ensure we track all ransomware cases, regardless of where it may be referred. In this country.
So you can make the connections between the actors and work your way up to disrupt the whole chain to said John Carlin, principal associate deputy attorney general at the justice department.
Let me give you some more details of what this actually looks like. And they go on to say, we’ve used this model around terrorism before, but never with ransomware said Carlin and the process has typically been reserved for a shortlist of topics, including national security cases. Legal experts said.
In practice. It means that investigators in us attorney’s offices, handling ransomware attacks will be expected to share both updated case details and active technical information with leaders in Washington,
and it goes on to categorize which things fall into this cybercrime ecosystem.
And it closes with this quote,
mark A former us attorney in cyber crime experts said the heightened reporting could allow DOJ to more effectively deploy resources and to identify common exploits used by cyber criminals. All right. So that’s the story or stories for today, and I know what you’re thinking. Why hasn’t this been done a long time ago? Well, It is pretty resource intensive and the attacks were isolated. Right? So in other words, the federal government had no vision and had to be extremely cautious, not to name a new group of people as terrorists.
Which they didn’t do with this announcement, just to be clear. They’re just implementing a new process for the investigations. They are not labeling anyone as terrorists. Even the people who are perpetrating these attacks. Since I heard this analogy more than five years ago, I’ve been using it. And there are groups of people with part carriers off the coast, and they are sending missions against our critical infrastructure, including hospitals on a daily basis, on a hour by hour basis.
I believe this is a federal problem. In fact, I believe by definition, this is why we have a federal government is to protect us from attacks such as this. All right. I don’t want to spend too much time on that. Let’s get constructive on this topic. I don’t know your health system or your particular strategy at this point, but this is your number one priority.
There is nothing more important on your agenda. I hate doing these stories to be honest with you, because when I do these stories on the show, when I mentioned cyber in the title, You don’t download and listen to them. Seriously. There’s like a 20% drop when the title has anything to do with cybersecurity. It’s like, you’re taking an approach of, if you don’t acknowledge it, it doesn’t exist.
This almost assures that I will keep reporting on hospitals being ransomed And I hope all of you will know shortly. It is real. It is happening and it is happening with more frequency. If I were a CEO today. I might stand up a group within the house of some that is reviewing our overall plan and response.
How are we at detection, response and recovery to a ransomware attack, the team would have it on it, but it would also have clinical and administrative leadership. I might even make this a mandatory executive level meeting, not the kind of meeting where you, you put the CIO on and then they put their subordinates on, but one that they have to participate, they have to be on the, , group that we’re putting together.
What I would want this group to look like is people who are serious, who really understand this issue. I put hospital CEOs on it. I put the CIO on it. Clinical leadership. Think of this as a hurricane is bearing down on your health system and
you have to ensure continuity of care in your community. What’s the agenda for the first meeting while the Charter’s pretty obvious. Don’t spend too much time on this. It is to ensure that the health system can protect and respond to cyber attacks in order to ensure the continuity of care to the community. Okay. Now move on.
What are some things I’d want to know? What’s our level of preparedness today? What happens if we were ransomed this afternoon? And I would ask that question. What would happen if we were ransom this afternoon? Are we ready? Do our normal response procedures take into account the things that are happening in our world today.
Second thing. How do we objectively assess our preparedness? What do we need to know as a group today to know if we are really prepared for this, do you need outside help to look at this? Do you need somebody to come in and do tabletop exercises? Do you need somebody who has been through this before? Who can help you to navigate it?
The next thing, are we ready? What preparations do we need to make today? What capabilities do we need to have in order to respond to these things? And are we operating as an organization at the right level of awareness? Who needs to be involved. For its role, you are the century. How likely is an attack. What is the threat landscape?
What is the plan to detect? What’s the plan to respond? What’s the plan to recover? I mean, there’s a whole section of this that you are responsible for and you should have good answers.
If I were a CEO of a health system today, I would escalate this, meaning our response to a cyber attack and specifically a ransomware attack today to our number one priority. In fact, if I were a board member, I might suggest to our CEO to consider this action as well. I would want to have an initial meeting with my it team
around cybersecurity to determine if we were ready, do the answers, give me confidence that we can detect, respond and recover from this type of attack. . I was still form a system-wide group to elevate this priority to an all hands level within the health system. Everyone is involved in preparing for this attack.
I would stay on top of this until I had a defensible position for the statement that we did everything we could to ensure the continuity of care in our community in the event. Of a ransomware attack. All right. That’s all for today. If you know someone that might benefit from our channel, please forward them a note. They can subscribe on our website this week, health.com or wherever you listen to podcasts, apple, Google, overcast, Spotify, Stitcher,
you get the picture wherever where, or at least we’re trying to be. We want to thank our channel sponsors who are investing in our mission to develop the next generation of health leaders. VMware Hill-Rom 📍 Starbridge advisors, McAfee and Aruba networks. Thanks for listening. That’s all for now.