Can your health system CEO say "we did everything we could to ensure the continuity of care in our community in the event of a ransomware attack."?
If not, maybe it's time to escalate this to the top STRATEGIC priority for the health system. It is after all a patient safety issue and a civic responsibility issue.
FTAs
UF Health Central Florida has suffered a reported ransomware attack that forced two hospitals to shut down portions of their IT network.
Reuters also reported today that ransomware attacks will now be given similar priority as terrorism by the US government due to their ability to disrupt critical services and the financial impact on US interests.
-----
Another day another ransomware attack, another health system on pen and paper. The frequency and severity of these attacks requires the full resources of the health system be focused on this today. But that is just my opinion.
https://www.reuters.com/technology/exclusive-us-give-ransomware-hacks-similar-priority-terrorism-official-says-2021-06-03/
This transcription is provided by artificial intelligence. We believe in technology but understand that even the most intelligent robots can sometimes get speech recognition wrong.
Today in Health it, this story is another hospital succumbs to ransomware and actually a second story. DOJ gives ransomware similar priority to terrorism. My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of this week in Health IT a channel dedicated to keeping health IT staff current and engaged.
Today the sponsor is Health Lyrics. Health Lyrics is my company. I provide executive coaching, advisory services and board participation to health leaders around technology and it. If you wanna learn more, check out health lyrics.com. All right. Two stories, as I said. First one, UF Health. Florida has taken.
Two of their four hospitals to pen and paper, effectively offline due to suspicious activity. Let me give you some of the details around that one. We'll hit this one real quick. This is from Bleeping Computer. UF Health. The Villages Hospital and UF Health Leesburg Hospital suffered cyber attack preventing access to computer systems and email and a statement shared with bleeping computer.
UF Health states that UF Health Central Florida detected unusual activity and shut down portions of their network. To prevent further risks to their organization. It goes on to talk about, you know, abundance of caution. They have some other hospitals, they don't want to spread this too, and those kinds of things.
And then they go on towards the end. And this is what sort of. Ped my interest. Reuters also reported today that ransomware attacks will now be given similar priority as terrorism by the US government due to their ability to disrupt critical services and the financial impact on US interests. Which takes us to the second story, which is an exclusive from Reuters.
I love that big exclusive in Capital letters us to give ransomware hacks similar priority as terrorism. Lemme tell you what, this is about the US Department of Justice. Is elevating investigations on ransomware attacks to a similar priority as terrorism in the wake of the colonial pipeline hack and mounting damage caused by cyber criminals.
A senior department official told Reuters internal guidance, sent on Thursday to US attorney's offices across the country, said information about ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington. It's a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country.
So you can make the connections between the actors and work your way up to disrupt the whole chain. Said John Carlin, principal Associate Deputy Attorney General at the Justice Department. Lemme give you some more details of what this actually looks like. And they go on to say, we've used this model around terrorism before, but never with ransomware.
Sid Carlin. The process has typically been reserved for a short list of topics, including national security cases, legal experts said in practice, it means that investigators in US attorney's offices handling ransomware attacks will be expected to share both updated case details and active technical information with leaders in Washington.
And it goes on to categorize which things fall into this cyber crime ecosystem. And it closes with this quote, mark Califano, a former US attorney and cyber crime expert, said the heightened reporting could allow DOJ to more effectively deploy resources and to identify common exploits used by cyber criminals.
Alright, so that's the story or stories for today, and I know what you're thinking. Why hasn't this been done a long time ago? Well, . It is pretty resource intensive and the attacks were isolated, right? So in other words, the federal government had no vision and had to be extremely cautious not to name a new group of people as terrorists, which they didn't do with this announcement.
Just to be clear, they're just implementing a new process for the investigations. They are not labeling anyone as terrorists, even the people who are perpetrating these attacks. Since I heard this analogy more than five years ago, I've been using it. And there are groups of people with parked carriers off the coast, and they are sending missions against our critical infrastructure, including hospitals on a daily basis, on a hour by hour basis.
I believe this is a federal problem. In fact, I believe by definition, this is why we have a federal government, is to protect us from attacks such as this. Alright, I don't wanna spend too much time on that. Let's get constructive on this topic. I don't know your health system or your particular strategy at this point, but this is your number one priority.
I. There is nothing more important on your agenda. I hate doing these stories to be honest with you because when I do these stories on the show, when I mention cyber in the title, you, you don't download and listen to them seriously. There's like a 20% drop when the title has anything to do with cybersecurity.
It, it's like you're taking an approach of, if you don't acknowledge it, it doesn't exist. This almost assures that I will keep reporting on hospitals being ransom, and I hope all of you will know shortly. It is real. It is happening, and it is happening with more frequency. If I were a CEO today, I might stand up a group within the health system that is reviewing our overall plan and response.
How are we at detection, response and recovery to a ransomware attack? The team would have it on it. But it would also have clinical and administrative leadership. I might even make this a mandatory executive level meeting, not the kind of meeting where you, you put the CIO on and then they put their subordinates on, but one that they have to participate.
They have to be on the group that we're putting together. What I would want this group to look like is people who are serious, who really understand this issue. I put hospital CEOs on it. I put the CIO on it, clinical leadership. Think of this as a hurricane is bearing down on your health system and you have to ensure continuity of care in your community.
What's the agenda for the first meeting? Well, the charter's pretty obvious. Don't spend too much time on this. It is to ensure that the health system can protect and respond to cyber attacks in order to ensure the continuity of care to the community. Okay. Now move on. What are some things I'd wanna know?
What's our level of preparedness today? What happens if we were ransom this afternoon? And I would ask that question, what would happen if we were ransom this afternoon? Are we ready? Do our normal response procedures take into account the things that are happening in our world today? Second thing, how do we objectively assess our preparedness?
What do we need to know as a group today to know if we are really prepared for this? Do you need outside help to look at this? Do you need somebody to come in and do tabletop exercises? Do you need somebody who has been through this before who can help you to navigate it? The next thing, are we ready?
What preparations do we need to make today? What capabilities do we need to have in order to respond to these things? And are we operating as an organization at the right level of awareness? Who needs to be involved for it's role? You are the century. I. How likely is an attack? What is the threat landscape?
What is the plan to detect? What's the plan to respond? What's the plan to recover? I mean, there's a whole section of this that you are responsible for and you should have good answers. If I were a CEO of a health system today, I would escalate this, meaning our response to a cyber attack and specifically a ransomware attack today to our number one priority.
In fact, if I were a board member, I might suggest to our CEO to consider this action as well. I would want to have an initial meeting with my IT team around cybersecurity to determine if we were ready, do the answers, give me confidence that we can detect, respond, and recover from this type of attack. I.
I would still form a system-wide group to elevate this priority to an all hands level within the health system. Everyone is involved in preparing for this attack. I would stay on top of this until I had a defensible position for the statement that we did everything we could to ensure the continuity of care in our community in the event of a ransomware attack.
All right. That's all for today. If you know of someone that might benefit from our channel, please forward them a note. They can subscribe on our website this week, health.com, or wherever you listen to podcast Apple, Google Overcast, Spotify, Stitcher. You get the picture. We're everywhere, or at least we're trying to be.
We want to thank our channel sponsors who are investing in our mission to develop the next generation of health leaders. I. VMware Hillrom, Starbridge Advisors, McAfee and Aruba Networks. Thanks for listening. That's all for now.