Why Ransomware Attacks Are a Security Wake-Up Call

Recent ransomware attacks on healthcare entities have been a major security wake-up call, says Rod Piechowski, senior director of health information systems at the Healthcare Information and Management Systems Society.

"Ransomware really sparked people's imaginations and got them aware of the fact that this isn't just something that happens behind the scenes and doesn't affect anyone else in the organization," he says in an interview with Information Security Media Group during the HIMSS18 conference in Las Vegas.

"It really shone a light on the fact that everyone [in healthcare] has a role in cybersecurity, and security in general - whether you take care of patients or work in administration. We all play a role because the data moves; it has to flow in order to keep the business viable and to keep patients safe. So ransomware was a really big wake-up call."

Malware attacks highlight the use of email as an attack vector, he says.

"Raising awareness among people who work in an organization is really important. ... Once you understand that a lot of [the attacks] come through email and people share tips on what a suspicious email looks like, we all get smarter about it."

In the interview (see audio link below photo), Piechowski discusses:

• Difficulties healthcare entities face in recruiting security talent, especially for organizations located in certain geographies;
• Getting buy-in from senior leadership for security efforts at healthcare organizations;
• Plans for cybersecurity offerings at next year's HIMSS conference.

As senior director of health information systems at HIMSS, Piechowski serves as the senior staff liaison to several HIMSS committees and communities, including privacy and security. Previously, Piechowski was senior associate director of policy at the American Hospital Association and vice president of technology leadership at the National Alliance for Health Information Technology.