How the healthcare industry is tackling key threats
Third Party Risk Management, Business Continuity Management/Disaster Recovery, Critical Infrastructure Security
Denise Anderson, President and CEO of H-ISAC, on industry progress, new risks
Mathew J. Schwartz (euroinfosec) •
June 10, 2022
While ransomware, third-party risk, phishing scams and insiders continue to be the top threats facing healthcare and public health entities, the industry as a whole is increasingly better prepared to deal with it. these issues than it was just a few years ago, says Denise Anderson, president and CEO of the Health Information Sharing and Analysis Center.
“We’ve come a long way,” she says. “In 2010, we don’t even combine ‘cybersecurity’ and ‘healthcare’ in the same sentence.”
But when the Hollywood Presbyterian Medical Center in 2016 publicly disclosed that it had paid an extortion claim in what was one of the first major ransomware attacks against a healthcare industry entity in the United States, “it painted a huge target on the back of healthcare,” she said, waking entities up to emerging threats.
In a video interview with Information Security Media Group at the RSA 2022 conference, Anderson also discusses:
- Intellectual property theft from pharmaceutical manufacturers during the COVID-19 pandemic;
- Last year’s ransomware attack on Ireland’s Health Services Executive;
- The impact of new federal breach reporting mandates, including requiring critical infrastructure organizations to report ransomware payments within 24 hours.
Anderson serves as chair of the ISAC National Council and health sector representative to the National Cybersecurity and Communications Integration Center, which is a coordinated monitoring and alert center run by the Department of Homeland Security. She is a board member of the Global Resilience Federation and a fellow of the Cyber Future Foundation. Prior to H-ISAC, Anderson served as Vice President of Financial Services-ISAC.