Keeping Up With the Evolving Threat LandscapeAlbany Medical Center CISO Kristopher Kusche Discusses Steps to Take
To keep up with the ever-evolving cyberthreat landscape, healthcare organizations must combine basic security principles with advanced technologies, says Kristopher Kusche, CISO at Albany Medical Center in New York.
"What we've been seeing over the last year is that all the attacks out there really took advantage of vulnerabilities that have been in the industry for quite a while," Kusche says in an interview with Information Security Media Group at the HIMSS18 conference in Las Vegas, where he was a featured speaker.
"We saw problems with institutions getting affected by things like WannaCry and NotPetya," he says. Those attacks took advantage of long-time vulnerabilities that were not patched, he says. Organizations need an adequate patching regime as well as "and an understanding that you need basic tools and advanced tools to really mitigate these issues," he says.
In the interview (see audio link below photo), Kusche also discusses:
- Why Albany Medical Center tries to treat medical device security similarly to the protection of other devices;
- How to protect medical devices that cannot be easily patched;
- Why workforce education is critical to keeping up with evolving cyberthreats.
Kusche is vice president and CISO at Albany Medical Center. He is CISSP and CPHIMS certified and a HIMSS Fellow. He's also a member of the ECRI Institute's advisory board and Excelsior College's industry advisory committee. At HIMSS, he has served as New York State chapter board president, national chair of the Privacy and Security Committee and as a member of multiple HIMSS security taskforces.