There's no 'magic bullet' to enhance cybersecurity, say experts

In a preview of their HIMSS22 session, panelists from the National Cybersecurity Center of Excellence and affiliated federal agencies offer their perspectives on threat landscapes.
By Kat Jercich
09:19 AM

Cybersecurity has taken on increased importance in the healthcare industry, particularly as domestic and international incidents continue to dominate the headlines.  

Amid this dynamic environment, experts stress that an organization's defensive strategy should be flexible and adaptable.  

At HIMSS22, panelists from the National Cybersecurity Center of Excellence (NCCoE) and affiliated federal agencies will offer their perspectives on the evolving threat landscapes – and examine how various strategies can address cyber risk.  

"Healthcare continues to be plagued with cyber threats that include ransomware, malware and phishing," observed Nakia Grayson, IT security specialist at the National Institute of Standards and Technology.

"The latter, phishing attacks, are a common means to deliver ransomware and malware to healthcare systems," Grayson continued.  

As a research center operating under the National Institute of Standards and Technology, the NCCoE is well-placed to leverage relationships established across the federal government, explained panelist Ron Pulivarti, senior cybersecurity engineer at NIST.  

"Further, the NCCoE maintains a community of interest that includes private-sector membership that includes technology manufacturers, cybersecurity providers, value-add integrators and healthcare delivery organizations," Pulivarti added.  

By applying inputs from sources like these and using existing methodologies, such as the NIST Risk Management Framework and the NIST Cybersecurity Framework, NCCoE contextualizes health tech challenges and offers mitigation approaches for known issues – including via practice guides.  

"The NCCoE advocates defense-in-depth approaches," said Sue Wang, principal cybersecurity engineer at the NCCoE.   

"A few solutions that the NCCoE have described in recent practice guides include network zoning, or segmentation; multifactor authentication; microsegmentation solutions; and behavioral analytics," Wang continued.  

But risk mitigation extends beyond relying on technology, Wang added.   

"The NCCoE practice guides note the need to deploy holistic measures, which include establishing education and awareness programs and establishing business processes to apply risk assessment and to address incident response," she said.  

Panelists say they hope attendees understand how to use multifaceted security approaches and strategy frameworks.   

"Technology will change at a very rapid pace and trends may change from year to year," said Grayson. "Attackers may adapt their tools to compromise systems, and technology manufacturers will update their protective product offerings."  

"In contrast, NIST frameworks give us a common and stable means to assess technology and to apply appropriate measures meeting those current challenges," she added.  

Overall, she said, "The one lesson attendees should take away [from the panel] is that there is no magic bullet to enhance cybersecurity."  

Pulivarti and Wang will discuss more in their panel, "Cybersecurity Solutions for Expanding Healthcare Boundaries." It's scheduled for Thursday, March 17 from 2:30-3:30 p.m. in Orange County Convention Center W303A.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.
