Fighting ransomware in healthcare – BankInfoSecurity

Third-party risk management, critical infrastructure security, fraud management and cybercrime

Errol Weiss says industry lacks resources to improve cybersecurity

Jeremy Kirk (jeremy_kirk) •
April 29, 2022

Errol Weiss, Security Manager, Health-ISAC

The healthcare industry continues to be targeted by ransomware gangs, but efforts are underway to help improve healthcare information security resilience.

See also: On demand | Spotlight Discussion: Advanced Network Detection and Response


There are many challenges, especially for smaller organizations that may not have dedicated IT staff, says Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center, or Health-ISAC. The group is dedicated to sharing threat intelligence in the healthcare sector.


“Ultimately, I think it comes down to a lack of sufficient resources on information security budgets – not having the technology to respond adequately to the business,” Weiss says.


For these smaller organizations, Weiss says Health-ISAC’s guidance focuses on the areas over which these organizations have control. He says this includes training and awareness, toolkits that could be helpful, and ensuring organizations have a backup plan.

“If you look at all these recommendations, they tend to be kind of like, ‘How do I avoid becoming a victim of ransomware?'” Weiss says. “And those are usually very effective.”

In this video interview, Weiss explains:



  • What cybersecurity challenges are healthcare institutions facing;

  • How hospital boards view cybersecurity investments;

  • How Health-ISAC helps healthcare facilities improve.


Weiss previously served as executive vice president of Citigroup’s Office of Risk Management and IT Programs. Further on, he was a senior network security analyst for the National Security Agency, responsible for performing vulnerability and penetration scans of highly classified US government computers and network systems.

Comments are closed.