Ransomware and other cyberattacks are part of our world, and health system CIOs need to be prepared for them.
Aaron Weismann, chief information security officer at Main Line Health system in Radnor Township, Pa., stopped by the "Becker's Healthcare Digital Health + Health IT" podcast to discuss ransomware attacks.
Editor's note: This is an edited excerpt. Listen to the full episode here.
Aaron Weismann: So we engage in biannual tabletop exercises where twice a year, we all get together and we go through a simulated attack. The last one was in partnership with the FBI and Department of Homeland Security based on what they're seeing in the environment and threat landscape. I think some of the conversations we're having are, you know, if we're going to pay, how are we going to make that happen? How are we going to evaluate whether the payment is going to be effective at getting what we need? And then we also have the wrinkle that we don't want to support terrorist organizations. The Department of the Treasury came out and said if you pay the wrong people and they're on our no-transaction list, you as an organization and you as an individual can be sanctioned because you're supporting terrorism, which just sort of threw wrench into the whole thing and has made it that much more difficult to deal with. There are lots of different considerations there. Our best defense is being able to understand how we're going to recover, how we're going to continue caring for patients and what we're going to do moving forward. I think, by drilling that over and over, we've actually become pretty adept at that.