3rd Party Risk Management , COVID-19 , Critical Infrastructure Security
Healthcare's Widening Cyber 'Seams and Cracks'
DHS CISA's Joshua Corman on Addressing Critical ConcernsThe surge of cyberattacks on the healthcare sector in the midst of the COVID-19 pandemic has accentuated many of critical cybersecurity challenges that must be urgently addressed, says Joshua Corman of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.
See Also: NHS Ransomware Attack: Healthcare Industry Infrastructures Are Critical
Many of the "seams and cracks [pre-pandemic] in healthcare cybersecurity remain and have been further stressed and exposed to the world and adversaries," he says.
"Healthcare has had an incredibly difficult time on the biological threat … and the stresses of every aspect of our national critical function of delivering healthcare. And cyber adversaries have unfortunately preyed upon that [vulnerable] demographic," he says.
"In some ways, these are problems that we knew we had. … Ironically we have a much clearer picture thanks to the pandemic stresses to what the system dynamic is about - where cybersecurity IT resilience and delays in patient care can contribute to excess deaths."
In a video interview with Information Security Media Group, as part of ISMG’s RSA Conference 2021 coverage, Corman also discusses:
- Other cybersecurity lessons emerging from the pandemic;
- CISA's methodology to chart a "defensible" cyber infrastructure;
- Resources DHS CISA offers to help the healthcare sector deal with its latest cybersecurity challenges.
Corman, who is a founder of the grassroots advocacy group I Am The Cavalry, is the healthcare sector chief strategist at DHS CISA on matters relating to COVID-19 and public safety. He previously served as chief security officer for software and services providers PTC Inc., director of the Cyber Statecraft Initiative for the Atlantic Council and chief technology officer at open-source software firm Sonatype. Corman also serves on the adjunct faculty at Carnegie Mellon’s Heinz College. He was a member of a congressional task force for healthcare industry cybersecurity.