What's in store for cybersecurity in 2023?

Healthcare cybersecurity is a rapidly changing industry as cybercriminals innovate and health IT teams work to improve their posture. Becker's reached out to five chief information security officers at the top hospitals and health systems across the country to project what healthcare cybersecurity will look like in 2023.

Editor's note: Responses have been lightly edited for clarity.

Jack Kufahl. Chief Information Security Officer of Michigan Medicine (Ann Arbor): Hard for me to say what that No. 1 trend will be; I suspect new devious ransomware tactics. However, I think that the clever CISO will be looking at optimization of their current technology stack and investments. Where there is capability overlap, configurations unused, data falling away that is useful but going stale, and generally getting as much functionality as possible out of sunk costs or licenses. I also feel there may be an increase in talent attrition due to healthcare (even in the best of years) being somewhat of a laggard in keeping staff salaries competitive. This will drive toward more near-sourcing or outsourcing of capabilities due to talent shortfalls or salary gaps.

Steven Ramirez. CISO of Renown Health (Reno, Nev.): I think one of healthcare's biggest challenges will be third-party risk management. Industry data shows that third parties still only count for roughly 50 percent or so of breaches. With the continued push to software-as-a-service-based products and the cloud with the digital transformation, healthcare organizations are shipping more and more critical technology functions and services to vendors. There are two types of third-party breaches we need to focus and plan for; data breaches and disruptive breaches. We saw how impactful the Okta and Kronos ransomware events were on their customers. This emphasizes the need for strong third-party risk management processes and procedures, in addition to cyber resilience practice. Something to also keep on the radar is hiring and retaining talent to support these initiatives.

Shefali Mookencherry. CISO of Edward-Elmhurst Health (Warrenville, Ill.): One of the top trends in health cybersecurity in 2023 may focus on how cybersecurity can become the enabler for innovations. There will be scrutiny in how breakthrough technologies are used in healthcare. The FDA and other organizations may provide further guidance on artificial intelligence, telehealth, data tracking and sharing.

 

Mauricio Angée. CISO of University of Miami Health System:

  • Attacks against Microsoft O365 email
  • Phishing emails + multistage attacks
  • Zero-Day attacks
  • User credentials compromise
  • Enhancing the human side of cybersecurity — knowledge and expertise to detect, prevent, and protect against phishing attacks
  • Remote workers will continue to be a cyberthreat

 

Erik Decker. CISO of Intermountain Healthcare (Salt Lake City): We will continue to see these bad actors profiling healthcare organizations, conducting human-operated attacks, and causing damage. I believe the health and public health sector needs to continue to focus on it its cyber hygiene and implementing practices that keep our patients safe from harm's way. Cyber safety is patient safety.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars