Kevin Lewis’ Post

Supply Chain Cyberattacks Threaten Healthcare: Industry Collaboration Key to Mitigating Disruption At a recent Google Cloud panel, cybersecurity leaders from major health systems emphasized the growing threat of supply chain cyberattacks and called for greater industry collaboration to address vendor risks. Following the cyberattack on claims processor Change Healthcare, which caused widespread disruption earlier this year, panellists from Novant Health, Highmark Health, Northwell Health, and ChristianaCare highlighted the urgent need for healthcare organizations to strengthen their defences. By closely assessing vendor risks and adopting more robust cybersecurity measures, the industry can work together to limit the impact of future attacks and ensure operational continuity. Read more at, https://lnkd.in/drMktwde | Healthcare Dive, Informa, Emily Olsen #cyberattacks #healthcare ##disruption #supplychain #digitalhealth #procurement #health #economy #news #thehealthcolossus

The DHN Forum Mumbai highlighted crucial strategies to fortify defenses against rising healthcare cyberattacks. 🏥 Experts including Kumar KV, Dr. Makarand Sawant, Ganesh Chellappa, and Vijay Pawar shared insights on continuous risk assessment, cyber resiliency, and layered security approaches, Arvind Sivaramakrishnan CHCIO, CIO of Karkinos Healthcare, moderated the session. 🔍 Dr. Makarand Sawant emphasized ongoing risk evaluations and staff education. "A lot of education will have to go into making employees understand that casual approaches towards external communications can lead to major breaches." 🔄Vijay Pawar from Dell Technologies highlighted the shift from prevention to recovery, stressing the need for solid cyber recovery foundations. "Organizations must be equipped with solutions to recover data." 🔗Ganesh Chellappa from ManageEngine advocated for a layered approach, incorporating cybersecurity, compliance, and automation. "Authorize and authenticate any interaction happening between users, devices, networks, applications, and data." 💰 Kumar KV discussed the financial implications and the necessity of board-level conversations. "Significant fines necessitate strategic planning." Both Vijay Pawar and Ganesh Chellappa provided practical advice on selecting cybersecurity vendors, emphasizing modern data protection and comprehensive ecosystems. 🔒 As digital health transformation accelerates, these strategies are essential to protect patient data and build trust. 🔗 Read the full Article - https://lnkd.in/dSsNq_NX 🖊️Writes - Arti Ghargi #CyberSecurity #HealthTech #DigitalTransformation #Healthcare #RiskManagement #DataProtection #CyberResilience #ZeroTrust

Article from Becker's HEALTH IT: UnitedHealth suspects 'nation-state' behind Change outage: 7 things to know  Molly Gamble (Twitter) - 15 hours ago Change Healthcare, part of UnitedHealth Group, reported a "cybersecurity incident" on Feb. 21 that disrupted connectivity and healthcare operations nationwide. Here are seven things to know about the security event and its effects: 1. Change initially reported disruptions early on Feb. 21, first noting "some applications are currently unavailable" and then reporting "enterprise-wide connectivity issues" on a company status page. 2. By the afternoon of Feb. 22, the company said: "Change Healthcare is experiencing a cyber security issue, and our experts are working to address the matter. Once we became aware of the outside threat, in the interest of protecting our partners and patients, we took immediate action to disconnect our systems to prevent further impact. At this time, we believe the issue is specific to Change Healthcare and all other systems across UnitedHealth Group are operational. The disruption is expected to last at least through the day. We will provide updates as more information becomes available." 3. Few details have been released about the nature of the cybersecurity issue, but an updated SEC filing states that UnitedHealth Group identified "a suspected nation-state associated cyber security threat actor" on Feb. 21 had gained access to some Change IT systems. 4. The U.S. government recognizes nation-state adversaries, such as China, Russia, North Korea and Iran, to "pose an elevated threat to our national security," according to separate and previous communication from the Cybersecurity and Infrastructure Security Agency. Threats include sophisticated, targeted and malicious cyber activity that is targeted and aimed at prolonged network or system intrusion. 5. Change, a revenue cycle management services provider, handles 15 billion transactions per year and is the nation's largest commercial prescription processor. 6. Health systems, hospitals and pharmacies nationwide were affected by the disruptions throughout Feb. 22, including all military pharmacies worldwide. 7. Few retail pharmacy networks had prepared news releases as of Feb. 22 regarding disruptions or lackthereof to operations; information was not readily available from Walgreens, CVS Health or Walmart. 8. Change combined with UnitedHealth Group's Optum in October 2022.  Becker's will continue to update this reporting as new information is made available. https://lnkd.in/gT9n-bjD

Cybersecurity in Healthcare: The New Frontier for Patient Safety The healthcare sector has become a prime target for cyberattacks, underscoring the urgent need for stronger cybersecurity measures. The 2020 ransomware attack on Universal Health Services disrupted patient care across 400 facilities, while the 2024 breach at Change Healthcare exposed millions of patient records and created a backlog of unpaid claims, threatening financial stability and patient access to care. These incidents highlight a critical shift: cybersecurity in healthcare is no longer just an IT issue—it's a matter of patient safety. In response, the U.S. Department of Health and Human Services (HHS) has introduced Cybersecurity Performance Goals (CPGs) to enhance security across the sector. These goals, split into "essential" and "enhanced" tiers, set the standard for cybersecurity practices. However, smaller providers may struggle with limited resources, prompting HHS to propose financial incentives and upfront investments to bridge this gap. Beyond technical measures, cybersecurity is now integral to patient care. Healthcare organizations must incorporate security into their overall risk management strategies, conduct comprehensive risk assessments, align with CPGs, invest in employee training, and perform regular audits to ensure compliance and safety. Taking proactive steps is vital. As cyber threats and regulatory pressures mount, cybersecurity has become fundamental to ensuring patient safety and operational resilience. For tailored advice on navigating this evolving landscape, contact Optimal Solutions and Services (OSS)—we're here to help you build a resilient cybersecurity strategy. Visit our website: oss-mena.com #HealthcareCybersecurity #PatientSafety #GRC #CyberResilience #DataProtection #HIPAACompliance #oss

Check out our latest blog on “The Role of Managed IT Services in Enhancing Healthcare in Orlando.” 🌟 In this piece, we dive into how Managed IT Services are transforming Orlando’s healthcare landscape, improving data management, cybersecurity, and overall patient care. Discover the benefits of streamlined operations, enhanced security measures, and compliance with healthcare regulations. If you’re interested in how technology is revolutionizing healthcare in our city, this article is for you. Let’s discuss how we can further integrate these advancements for a healthier future! #HealthcareIT #ManagedServices #OrlandoHealthcare #Cybersecurity #DataManagement https://lnkd.in/eGKPN4Pw

The U.S. healthcare sector continues to grapple with cybersecurity challenges, risking patient data and infrastructure. Issues include outdated systems, limited funding for security, and a shortage of skilled staff. Cyber threats like #ransomware and breaches pose significant risks, impacting patient information and healthcare services. The U.S. Department of Health and Human Services (HHS) and Human Services (HHS) addresses these challenges with resources like the Health Industry Cybersecurity Practices (HICP) and Healthcare Sector Cybersecurity Coordination Center (HC3) guidance. Despite these efforts, #healthcare organizations must enhance security defenses through measures like #securityassessments, #networksegmentation, and employee #training. Investing in technologies like #AI and #machinelearning aids in real-time threat detection and response. Industrial Cyber consulted cybersecurity healthcare experts to explore the key challenges encountered by asset owners and operators in the U.S. healthcare sector, focusing on infrastructure, technology, and regulatory compliance. Healthcare is large, complex, inter-connected, and highly regulated, @Denise Anderson, president and CEO of the Health Information Sharing and Analysis Center (Health-ISAC), told Industrial Cyber. “The sector uses myriad devices and endpoints, resulting in a massive attack surface. The Health sector contributes to almost 20% of US GDP and according to the US Census Bureau, is the largest employer In the country. It is also highly targeted by threat actor groups. The Institute for Security and Technology reported at least 299 hospitals suffered ransomware attacks in 2023,” she added. “The primary challenge comes down to funding,” Wes Wright, chief healthcare officer at Ordr Inc., said. “There are always better technologies to invest in, infrastructure improvements to be made, cybersecurity protections to implement, and regulations that need to be complied with. The difficulty for so many in healthcare is procuring enough funding to support each need.” Chad Holmes, security evangelist at Cynerio, said that healthcare continues to be the most attacked industry in the U.S. due to a combination of highly valuable patient records (ePHI), technical cybersecurity debt that is approximately ten years behind other industries, limited expertise, and budgetary constraints that hamper the best efforts to adopt modern protections. https://lnkd.in/g47DzU5P

Read the thoughts that Rick Jones shared with Digital Health Technology News on Supply Chain #cybersecurity in #healthcare and how to survive an inevitable threat: https://hubs.la/Q02Bnhgj0 #cyberthreat #cyberprotection #cyberresilience

Elevate Patient Care with Cutting-Edge Security! 🚀 Check out our latest blog to see how secure #IT solutions are transforming healthcare. From safeguarding patient data to streamlining operations, find out why #cybersecurity is the heartbeat of modern #healthcare. 💻❤️ https://hubs.la/Q02kTP240 #HealthcareTech #PatientCare #Compliance #HIPAA #HealthcareSecurity #ManagedSecurity

🛡️ Innovating Securely: A Game-Changer for Veteran Healthcare & Provider Capabilities 🛡️ In the realm of federal EHRM, particularly within veteran healthcare as well as hearing of Amber J. Pearson @HIMSS24 integrating robust security isn't just about compliance; it's about protecting those who've served us. Here is some suggestion I reflected on to innovate securely thus enhancing care for our veterans: ✅ **Regulatory Rigor**: Adhering to standards like FISMA, HIPAA, and following NIST's lead ensures that we're not just meeting, but exceeding expectations for data protection. ✅ **Risk Ready**: Regular risk assessments in our EHRM systems mean we're always prepared, securing the sensitive health data of our veterans. ✅ **Data Defense**: Strong encryption safeguards health records, ensuring that veteran data stays confidential and secure, whether at rest or in transit. ✅ **Controlled Access**: With RBAC and MFA, healthcare providers access only the data they need, reducing the risk of data breaches while facilitating patient care. ✅ **Secure Development**: By embedding security in the EHRM's SDLC, we're building a healthcare system that's safe from the ground up. ✅ **Training Troops**: Security-aware healthcare staff can better protect against threats, making our veterans' data safer. ✅ **Incident Arsenal**: A robust incident response plan means we're ready to defend our veterans' data against any cyber onslaught. ✅ **Vendor Validation**: Vendors are held to the highest security standards, ensuring that any third-party software or service meets our stringent requirements. ✅ **Patch Protocol**: Keeping systems up-to-date means vulnerabilities are patched before they can be exploited, maintaining a secure environment for healthcare delivery. ✅ **Continuous Vigilance**: Through continuous monitoring, we can detect and thwart threats in real-time, keeping our veterans' healthcare data secure. ✅ **Secure Spaces**: The physical security of our data centers is paramount, protecting against unauthorized access to our digital health infrastructure. ✅ **Privacy First**: By incorporating privacy into the EHRM design, we ensure that the personal health information of our veterans is treated with the utmost respect. By championing these security practices, we're not only complying with the highest standards but also ensuring that our veterans receive the best healthcare, free from the worry of data breaches or privacy concerns. Our providers are empowered with the tools they need, within a secure and reliable system, to offer unparalleled care. #EHRMSecurity #VeteranHealthcare #FederalInnovation #Tista #TistaVeterans #Cybersecurity #HealthIT #ProtectingVeterans #DataPrivacy #digitalVA #HIMSS25

"The healthcare industry must prioritise investments in cybersecurity to address the escalating threats to medical devices, interconnected systems, and overall infrastructure." GlobalData Plc's thematic report 'Cybersecurity in Healthcare: Thematic Intelligence was released this time last week. Below are a few takeaways that lead us to the opening quote above. - Healthcare organisations are at a greater risk of cyber attack than ever before largely due to the Covid-19 pandemic and a push towards virtual care and remote monitoring. - There was a two-fold increase in the number of individuals affected by data breaches from 2022 to 2023. - A single vulnerability can provide multiple entry points for cybercriminals, potentially leading to widespread disruptions across healthcare systems. (See this week's CrowdStrike example where a faulty software update lead to one of the biggest global outages of all time.) - GlobalData projects that by 2025, 68% of medical devices will be connected to a network. While this increased connectivity will improve efficiency and patient care, it will also expand the risk landscape. - It is expected that there will be a significant increase in the amount of investment in cybersecurity, growing by 12.9% annually from $631.2m in 2022 to $1.2bn in 2027. -The healthcare sector must prioritise cybersecurity investments to address the escalating threats to medical devices, interconnected systems, and the broader healthcare infrastructure. https://lnkd.in/gQufrp-p