Cybersecurity Advice for the COVID-19 Era
CISA Adviser Joshua Corman Discusses Essential Steps
Many healthcare organizations have under-resourced security teams, putting them at higher risk for cyber incidents during the COVID-19 pandemic that could result in patient harm, warns cybersecurity expert Joshua Corman.
"We're going to fall down a lot, and we're unlikely to prevent a lot of these attacks," says Corman, a healthcare sector adviser to the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. "But the question is whether you can get back up quickly," he says, stressing the importance of solid data recovery plans as well as conducting security incident simulation testing.
"Sadly, ransomware attacks are not showing any signs of stopping," Corman says. "We may have seen our first fatality," as a result of a recent ransomware incident affecting a German hospital that allegedly caused a delay of emergency care to a patient, he notes (see: Ransomware Attack at Hospital Leads to Patient's Death).
Recent research indicates an overall drop in organizations patching software vulnerabilities during the COVID-19 pandemic, he notes in an in-depth interview with Information Security Media Group.
"Some are doing a good job, but because of these [resource] constraints, they're not patching as quickly," he says. "And during a pandemic with elevated attacks, this is not the time to take the foot off the gas."
In this video interview with Information Security Media Group, Corman also discusses:
- Other urgent cybersecurity issues, including supply chain concerns, facing the healthcare sector during the pandemic;
- Activities underway by CISA and other industry groups to assist the healthcare sector in tackling cybersecurity challenges during the pandemic;
- Steps healthcare organizations need to take to shore up cybersecurity.
Corman, who is a founder of grassroots advocacy group "I am The Cavalry," is a senior adviser to the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency on matters relating to COVID-19 and public safety. He previously served as chief security officer for software and services provider PTC Inc., director of the Cyber Statecraft Initiative for the Atlantic Council and chief technology officer at open-source software firm Sonatype. Corman also serves on the adjunct faculty at Carnegie Mellon's Heinz College. He was a member of a congressional task force for healthcare industry cybersecurity.