Why the Healthcare Sector Is So Vulnerable to CybercrimeFormer FBI Agent Jason G. Weiss on Critical Risk Mitigation Steps to Take
The healthcare sector is especially susceptible to ever-evolving cybercrimes, says attorney Jason G. Weiss, a former FBI special agent and forensics expert, who describes critical steps to take to avoid falling victim.
"Hospitals are particularly vulnerable to attacks like ransomware," he says in an interview with Information Security Media Group. "If a hospital doesn't have access to its data and equipment, it may not be able to perform its functions as a hospital, which could lead to actual harm."
Another potential threat, he says, is "med-jacking" - the hacking of medical devices, ranging from prosthetic gear to implantable cardiac devices, he says.
"The healthcare industry is basically under attack in the cybersecurity warfare realm," he says. "It has a lot to think about and do to stay safe."
The FBI's forensics investigations into cyber incidents in the healthcare sector reveal the "sophistication and depth of the attackers," he says.
Among the most important steps that healthcare organizations should take to prevent falling victim to cybercriminals are "hardening your IT perimeter" and implementing multifactor authentication, he stresses.
But in addition to those technical control issues, the human factor is just as important, Weiss adds. Training staff on how to thwart phishing attacks and other socially engineered campaigns is critical, he notes.
In the interview (see audio link below photo), Weiss also discusses:
- The cybertheft of intellectual property in the medical industry;
- Other top cyberthreats facing the healthcare sector;
- Predictions about emerging cybersecurity issues in 2020.
Weiss is counsel in the Los Angeles office of law firm Drinker, Biddle and Reath's information governance and e-discovery group. His practice focuses on cybersecurity incident preparedness and response, compliance with information governance laws and requirements, as well as data analytics, investigations and e-discovery. Previously, Weiss was supervisory special agent in the FBI Los Angeles cyber and forensics branch, where he founded, designed and led a nationally recognized and accredited computer forensics laboratory.