Building defense proficiency in healthcare – one cybersecurity leader's tips

With ransomware attacks now an epidemic across healthcare, and IoT/IoMT devices highly vulnerable, providers continue to make cybersecurity investments to protect their patient data and organizations. With this explosion of cyberattacks, it also behooves hospitals and health systems to get better at developing threat analyses, more enthusiastic about cross-industry collaboration and more vigilant about basic cyber hygiene, says Taylor Lehmann, director of the Office of the CISO at Google Cloud. He spoke with Healthcare IT News to discuss cyberattack risks, collaboration and transparency, industry intelligence, Google's Health-ISAC partnership and the responsibility to evolve and improve cloud security. This might include sharing threat models, highly sensitive information or indicators of compromise, which may reveal that the organization producing the intelligence has been successfully attacked. Finally, I see a future where vendors and partners play a more active role in helping healthcare organizations achieve a high-security bar versus continuing to hide behind the shared responsibility model that has made cloud security difficult to understand. Cybercriminals want healthcare organizations to stay in silos, because that makes it more likely that an attack on one health system works on another.