Cyberattacks have escalated since the start of the COVID-19 pandemic by becoming more frequent and sophisticated, leaving health systems such as Northwell Health to closely examine cybersecurity efforts and stay flexible to protect systems.
Kathy Hughes, vice president and chief information security officer at Northwell Health, discussed some of the measures the New Hyde Park, N.Y.-based health system has taken to combat cyber threats during The Wall Street Journal's Pro Cybersecurity Executive Forum.
Here are six insights from Ms. Hughes on the state of cybersecurity and Northwell's attack mitigation efforts, according to the Journal's Dec. 7 report.
1. Northwell, alongside many other healthcare organizations, has rolled out more Internet of Things-type technologies such as telemedicine platforms and remote monitoring devices. From a cybersecurity standpoint, the devices are potential threats or entry points onto its network.
2. To address potential threats linked to IoT devices, Northwell has applied similar techniques as it does with traditional IT devices to ensure all are protected. These efforts include ensuring devices are on supported operating systems, have firmware updates and patching, and have anti-malware protection, Ms. Hughes said.
3. Northwell has several groups focused on different cybersecurity measures including IT security tools and technologies; risk management; policies and governance overseeing its awareness-in-training program; and disaster recovery.
4. Northwell modeled its program on the National Institute of Standards and Technology cybersecurity framework, which requires the health system to identify everything it protects, detect if any malicious activity occurs and respond to alerts.
5. While Ms. Hughes said Northwell's cybersecurity program itself hasn't changed during the pandemic, it has had to adapt to the "onslaught of attacks that were coming in."
"The number of phishing emails, for example, and different types of attacks that we saw really kept us on our toes. There were a couple of technologies that we had to deploy rather quickly in response to current activities, and costs and adjustments that had to be made," she said.
6. One of the tools Northwell deployed to mitigate phishing email attacks was a technology that does a live scan of a URL when it's clicked in an email, which lets the health system determine if an email is malicious in real time and blocks the message.