Init0

RSNA 2021 speaker Joshua Corman. Courtesy of the CISA.

“We are at a crossroads,” said Joshua Corman, chief strategist for COVID-19, healthcare, and public safety at the U.S. Cybersecurity and Infrastructure Security Agency (CISA). “We’re now overdependent on undependable technology. How quickly we turn the corner depends on you.”

Around 560 U.S. healthcare facilities were hit by ransomware attacks in 2020, and cyberdisrupion can be an important source of delays to patient care in hospitals that are already overstretched, he added. For instance, in November 2020, clinicians were forced to send away hundreds of cancer patients after a cyberattack on a Vermont Hospital.

About 85% of U.S. hospitals do not have a single qualified security person on their payroll, and many security specialists have been put on furlough support schemes during the pandemic or laid off due to recent mergers and acquisitions, according to Corman.

“Our traditional best practices simply aren’t good enough, and this is affecting patient care,” he said. “Through our over dependence on undependable IT, we have created the conditions such that the actions of any single outlier can have a profound and asymmetric impact on human life and economic and national security.”

The good news, though, is that politicians, regulatory agencies, healthcare providers, and the international community in general have become more alert to threats and better prepared, he continued.

In May 2021, President Biden issued an executive order about improving cybersecurity. This order emphasizes that all federal procurement deals must give full consideration of cybersecurity aspects, and it shows that this topic is now higher up on the political and social agenda.

5 core principles

Keep vigilant and be conscientious, Corman advises the medical imaging community. Overall, he thinks adhering to these five core principles will improve the situation:

1. Cybersafety by design. Respect domain expertise and inform design with security lifestyle, adversarial resilience, and secure supply chain practices.
2. Third-party collaboration. Acknowledge that vulnerabilities will persist, despite best efforts, and invite disclosure of potential safety or security issues, reported in good faith.
3. Evidence capture. Try to foresee unexpected outcomes and to facilitate evidence capture, preservation, and analysis to learn from safety investigations.
4. Resilience and containment. Recognize failures in components and in the environment are inevitable, safeguard critical elements of care delivery in adverse conditions, and maintain a safe state with clear indicators when failure is unavoidable.
5. Cybersafety updates. Cybersafety will always change, so it’s vital to support prompt, agile, and secure updates.

“We’re all in a supply chain, with most of …….

Source: https://www.auntminnie.com/index.aspx?sec=log&itemID=134321