We’re a little late posting this, but at the HIMSS 2022 conference, I had a chance to learn and share some really great insights into healthcare security and ransomware from the team at Fortinet. We live tweeted many of them, but thought an article round up would be great for those that missed the tweets. Check them out below with some light commentary.
Kicking off the @Fortinet lunch and learn. Looking forward to learning about healthcare security and ransomware. #HIMSS22 #hitsm pic.twitter.com/sRmitHmpGw
— John Lynn (@techguy) March 16, 2022
Healthcare security and ransomware is top of my for any IT person in healthcare. It’s not going away either. In fact, the challenge is going to keep growing.
The healthcare industry averaged 3.8 security breaches per week. @Fortinet #HIMSS22 #hitsm
— John Lynn (@techguy) March 16, 2022
It’s kind of hard to see this number. That’s a lot of breaches. That’s a healthcare breach that’s happening every other day. It also makes you wonder if that’s just the breaches we know about. Are there a bunch more we don’t know about?
Digital Transformation in healthcare has been great, but has also led to a growing threat landscape. #HIMSS22 @Fortinet
— John Lynn (@techguy) March 16, 2022
We know that digital transformation is coming. We know that means an explosion of devices and endpoints. Sounds incredible from a clinical and patient experience perspective. Sounds like the opposite of what ever healthcare security person wants to see. Security and accessibility are often at odds. This is definitely the case with many digital transformation efforts.
Once a medical device is down for 3 weeks (average downtime is 1-4 weeks now), then patients have to start getting new orders for things like an MRI. Big operational impact. @Fortinet #HIMSS22 #hitsm
— John Lynn (@techguy) March 16, 2022
I’d never thought about the impact of downtime on orders. That’s a big problem that adds a lot of overhead for an organization and is a terrible experience for patients.
Great to see @Fortinet embedding their security technology into medical devices. Great to see medical devices investing in security. #HIMSS22 #hitsm
— John Lynn (@techguy) March 16, 2022
I’ve seen a lot of sessions on medical device security. Embedding Fortinet’s security technology into a medical device sounds like a really big step forward.
Part of the tabletop exercise healthcare organizations need to do is evaluating paying ransomware or not. It’s not easy to just go and buy $10 million in Bitcoin. @Fortinet #HIMSS22 #hitsm
— John Lynn (@techguy) March 16, 2022
They make a good point. Do you even have a ransomware account? How much can you add to it if needed? These are complex questions you need to address if your strategy is to pay the ransom. Of course, the even more complex question is whether you should pay the ransom.
Start with asset management when doing security. It’s hard to secure when you don’t know what you have to secure. @Fortinet #HIMSS22 #hitsm
— John Lynn (@techguy) March 16, 2022
Let’s start with asset management…it’s a very good place to start. Seriously though, it really is a great step for security.
This next graphic I didn’t have a chance to tweet since it went by before I could capture it. So, I asked Fortinet to send it to me. This was a really powerful way to visualize how you’re doing in your cybersecurity efforts. Where do you fall?
Plus, credit Fortinet on showing how their security tools can help with each area:
Wow. @Fortinet has 1255 patents and makes their own chips which has been really important during the chip shortage. #HIMSS22 #hitsm
— John Lynn (@techguy) March 16, 2022
I’m not sure if patents are a specific indicator of innovation at most health IT companies. They don’t hurt, but it’s not as clear how valuable they are generally. However, 1255 patents for Fortinet’s healthcare security products is significant innovation.
Whenever the malware/ransomware is mentioned, I always look (in vain) for the platform it ran on — Windows or Linux. (I suspect most healthcare site use the more fragile Windows servers.)
Is this ever brought up as an issue?
I had someone yesterday say that Apple’s were less secure than Windows now. That may be true. Slightly different in servers I think, but the reality is that if you don’t configure it properly, they’re all insecure.