As cybercriminals and other threat actors target healthcare providers at a record rate, Cleveland Clinic's Senior Director of Cybersecurity Technology Protection Keith Duemling told Becker's that the organization is focusing on cultivating a "balanced and dynamic" approach to the increased cyber threat.
"Heading into 2024, I would summarize some of the critical points of our cybersecurity strategy as centered around reinforcing and evolving our defenses to adapt to the rapidly changing cyber threat landscape and strengthening existing partnerships with our peers in the healthcare sector and federal space," said Mr. Duemling.
The increased collaboration with the federal government comes as the HHS released a new concept paper pledging to work with Congress to create new cybersecurity incentives for hospitals. Beyond just collaboration with the government, Mr. Duemling emphasized the need to work with vendors and other third parties to protect patient information.
In 2023, several top health systems, including Chicago-based CommonSpirit, Baltimore-based Johns Hopkins Medicine, Dallas-based UT Southwestern Medical Center, and Louisville, Ky.-based UofLHealth, had their data compromised due to the software vulnerability.
"The number of events impacting third parties that provide critical services to healthcare systems has increased exponentially year-over-year, requiring rapid maturity in incident response plans tailored to manage third-party breaches, ensuring quick and effective mitigation," said Mr. Duemling.
As the health system moves into the new year, Mr. Duemling said the organization is also focused on leveraging artificial intelligence tools, compressing the attack surface, increasing staff cybersecurity awareness, and developing innovative protections to secure patient data.