When asked about the biggest challenges facing cybersecurity teams, most would probably cite budget – or more accurately, lack thereof. And while that’s certainly valid, there’s another obstacle that’s proving to be just as formidable: isolation.
“The biggest adaptation that I had to make coming to work for healthcare was understanding how isolating it is,” said Chris Plummer, Senior Cybersecurity Architect at Dartmouth Health. “Why are 6,000-plus hospitals still fighting as independents?”
On the other hand, when organizations combine resources, it provides “a suit of armor” that can create a stronger defense. It also helps foster a spirit of collaboration that hasn’t always been present in the security world. “When you’re able to put your arm around another hospital that comes into the network, you can provide that layer of protection really quickly.”
Chris Plummer
However, it isn’t just organizations that find themselves working in silos, but also individuals, Plummer noted. During a recent Unhack the Podcast, he shared insights on the isolation that security professionals often face, and discussed the steps that health systems can take to improve outcomes, from forming partnerships to exploring AI tools.
For many organizations, especially rural and small hospitals, small budgets can limit the cybersecurity staff to a single position, meaning that one person has shoulder all of the operational responsibility. “It’s exhausting,” said Plummer, who admitted he has felt “truly burnt out” in previous roles. “You bear the responsibility of securing everything, and bailing out the organization if something goes wrong.”
This phenomenon of being the “only cyber FTE” isn’t rare, he said. In fact, “I’ve been to a lot of places where you sit down with presidents of those hospitals and they ask each other, how did you talk your board into giving you money for a second IT person?” Plummer noted. “Those conversations show the lack of resources that we’re all facing right now as a country.”
And although that isn’t the case at Dartmouth, which he said has been “an amazing change of pace,” it continues to be a sticking point for many organizations.
One of the areas that suffers most in these situations is the ability to notify parties of possible breaches. If organizations don’t receive that information in a timely matter, it can severely limit the response. “How do we know something has gone wrong?” he said. And if it does, “should I be concerned? Do we need to do one of the rinse-repeat things we do every time someone is breached? Turn off VPNs? Cut off remote access or email?”
And while they don’t need all of the specifics upfront, leaders do need to know whether it’s okay to keep sending and receiving emails and lab results, for instance. “Everyone needs to understand the state of affairs,” he said. “We’re all searching for those same answers, and it can consume so much oxygen in the room trying to understand it all.”
This is where the collaboration piece comes into play – particularly when separate organizations are all exerting efforts to try to get the same answers. “We’re all doing the same thing. We patrol news sources. We look at social media. We’re trolling Reddit. It’s wild that this is what we’re doing to try to get the intel that we need to make decisions,” he said. And yet somehow, “we’re still on an island fighting our own battles.”
The way to buck that trend? By getting involved in professional organizations, noted Plummer, who participates with the Health Sector Coordinating Council Cybersecurity Working Group, H-ISAC Membership Committee, New Hampshire Cyber Threat Working Group, and New Hampshire Cyber Healthcare Sector Working Group, among others.
“You’re not going to get ahead in the information war without people. If you don’t have the personnel, you’re losing on all fronts,” he said. “A big part of that is building networks between people across health systems so that you’re comfortable sending an email or standing up a conference call and getting five or 10 people who you trust to troubleshoot this together. That has to be a big part of this.”
Another benefit of those relationships? Knowledge sharing around important topics like how AI is being leveraged in the security environment. Although it’s “clearly not at a point where it can practically augment cybersecurity operations,” Plummer believes it has the potential to be “incredibly powerful” – not necessarily in making decisions, but rather, guiding them.
“We all have that dream of being on full-blown autopilot and turning it over to AI,” he noted, but that’s not the reality – yet. Troubleshooting, on the other hand, is an area that’s ripe for innovation. “If it can provide a series of five steps to check if you’re trying to solve a given problem, that would be big.”
For now, Plummer is happy to remain “pinky toes deep” in AI. But at the same time, he doesn’t want to wait too long to get a bit more immersed. “I don’t feel like it has to be perfect,” he said. “On one hand, the institutional knowledge required is so deep, but the rate of innovation is so fast,” and no one wants to get left behind.
What Plummer and others have learned is that in healthcare – and particularly, cybersecurity – “things happen quickly,” and leaders need to stay aware and be prepared to adapt. And of course, collaborate.
© Copyright 2024 Health Lyrics All rights reserved
