HIMSS Healthcare Cybersecurity Forum: Understanding, Tackling Top Cyber Threats

September 08, 2023 - BOSTON, Mass.

Cyber threat groups are not slowing down their efforts to target healthcare, as exemplified by the tens of millions of health records breached in 2023 so far. With this in mind, experts at the HIMSS Healthcare Cybersecurity Forum stressed the importance of understanding cyberattack patterns and impacts in order to effectively and efficiently tackle mounting cyber risk.

During a keynote presentation at the forum, held in Boston, John Riggi, national advisor for cybersecurity and risk at the American Hospital Association, shed light on current trends in the global cyber threat landscape and explored the potential effects that a cyberattack can have on healthcare operations and patient safety.

“We all know as technology professionals that we can never eliminate cyber risk. We can only hope to mitigate,” Riggi told the audience. “We have to be prepared for the impact of these cyberattacks.”

Riggi, who spent nearly 30 years in various roles in the FBI, highlighted the risks of today’s most prolific cyber threat groups, including Clop, Rhysida, LockBit, and foreign threat groups from Russia, China, and North Korea.

Among all these threat groups and attacks, clear patterns have emerged, Riggi suggested. Threat actors are continuously going after known vulnerabilities, using tried-and-true tactics to target healthcare organizations and their third-party vendors across the supply chain.

For example, Clop ransomware made headlines in recent months after exploiting a vulnerability in Progress Software’s MOVEit Transfer software, for which a patch has since been made available. Clop managed to attack more than 130 organizations using this vulnerability, including healthcare entities. The incident served as another reminder to prioritize third-party risk.

“We should start thinking strategically. If the bad guys are hacking our secure third-party file transfer system, maybe we should look at other types of similar systems we have in our network,” Riggi suggested.

Healthcare institutions today are highly dependent on technology to operate effectively, Riggi added. These technologies have enabled operational efficiencies and improved patient experience. But as the number of internet-connected devices increases, risk does as well.

“When that technology suddenly becomes unavailable such as during a high impact ransomware attack, there is massive disruption in business operations into healthcare operations, and care delivery operations, creating delay in disruption and ultimately risking patient safety,” Riggi noted.

In addition to tracking patterns and patching known vulnerabilities, Riggi emphasized the importance of having comprehensive incident response plans and downtime procedures in place to reduce risk and ensure that the organization can function without access to these technologies for days or even weeks.

Riggi encouraged healthcare organizations to integrate cyber incident response planning with emergency management, in addition to leveraging regional resources to enhance incident response effectiveness.

In addition to healthcare organizations tackling risk internally, the federal government and international partners play a crucial role in cyber threat reduction, Riggi noted.

For example, in August, the FBI facilitated the disruption of Qakbot, a botnet and malware operation that was leveraged by threat actors to infect hundreds of thousands of computers worldwide. In January, the Department of Justice (DOJ) completed a months-long operation to take down Hive ransomware operators.

The DOJ’s actions and industry collaboration and preparedness can help the healthcare sector tackle cyber risk head-on.

“Anything that degrades the bad guys' capabilities is a good thing and it's a win,” Riggi noted. “It's not a victory in the war, but it's a win.”