Preventing a ‘Doomsday’ Healthcare Cyber Event

The healthcare sector needs to continue upping its cybersecurity ante to prevent potentially catastrophic “doomsday” events that could devastate regional healthcare systems, says Erik Decker, a federal adviser who’s CISO at the University of Chicago Medicine. He’s co-leading an effort to draft a guide to mitigating five key cyber threats.

So far, cyberattacks in healthcare have not focused on harming patients. “What hasn’t happened yet, but I can foresee happening, is … terrorism,” he says in an interview with Information Security Media Group at the recent College of Healthcare Information Management Executives’ Advocacy Summit in Washington.

“If a threat actor can get to a certain level of sophistication and understand how to compromise regional health systems – independent health systems that are not part of the same group – by leveraging a lot of the same types of vendors that we all use and the access that these third parties have … then you have a situation that is going to be quite catastrophic,” he says.

But hopefully such a “doomsday” situation is becoming less likely thanks to recent cybersecurity progress, the CISO, who has testified before Congress, contends.

“The good news is that cyber has become a huge, hot topic in healthcare,” he says. “There’s been a lot more prevalence at the local level, all the way to the national level, on how do we solve this problem.”