Data Breach Today Podcast

Quantum computing could bring the next technology "revolution" in healthcare, but organizations will face critical cybersecurity issues when quantum becomes a reality, said attorney Lee Kim, senior principal of cybersecurity and privacy at the Healthcare Information and Management Systems Society.

So far, medical devices affected in ransomware attacks have mostly been a casualty of IT networks being taken offline. But the potential nightmare scenario is a targeted device attack in which cybercriminals threaten to kill patients, said Dr. Eric Liederman, CEO of consulting firm CyberSolutionsMD.

As clinicians move to a model of working anywhere - on many types of devices and under a variety of different internet environments - web browser security is a heightened concern, said John Frushour, vice president and CISO at New York-Presbyterian Hospital, and CyberEdBoard member.

The majority of significant attacks hitting the health sector involve unpatched vulnerabilities dating back years, a situation cybercriminals are more easily and swiftly able to exploit using AI-based tools, said Health Information Sharing and Analysis Center President and CEO Denise Anderson.

The Health Sector Coordinating Council is kicking off a health sector mapping initiative aimed at helping the ecosystem avoid massive disruptions in the event of major cyber incidents, said Greg Garcia, executive director for cybersecurity at the Health Sector Coordinating Council.

The adoption of privacy enhancing technologies, including fully homomorphic encryption, can help secure data as it is collected, integrated and shared for detecting and responding to public health emergencies such as bird flu, said Kurt Rohloff, co-founder and CTO of Duality Technologies.

A proposed state privacy law awaiting the signature of New York State's governor promises to make the processing of and sale of health information by a wide array of organizations much more complicated and restrictive, said regulatory attorney Angie Matney, who explains why.

It's critical for healthcare providers that offer telehealth and remote patient monitoring services to incorporate these systems into their organizational risk programs, including how they plan to address issues such as patch management from afar, said attorney Betsy Hodge of the law firm Akerman.

States will increasingly be stepping up to fill gaps in the healthcare sector with new cyber legislation and requirements as the Trump administration promises to roll back regulations, predicts attorney Amy Magnano of the law firm Morgan Lewis' healthcare practice.

While artificial intelligence platforms and tools promise to offer encouraging potential in healthcare, many are unprepared to deal with the risks these emerging technologies pose - similar to the early days of social media, said Keith Fricke, partner and principal of tw-Security.

With the pace of global change so often creating a sense of accelerating chaos, it's easy to view cyber defenders as firefighters constantly on call. But Black Hat conference founder and creator Jeff Moss warned that "things have been on fire for as long as I can remember."

Under the Trump administration, the proposed update to the HIPAA Security Rule - issued in the final weeks of the Biden administration - is likely to get trimmed but not totally cut, predicts regulatory attorney Sharon Klein of the law firm Blank Rome. What else should the health sector expect?

The pace of change including the rise of artificial intelligence and a sense of accelerating chaos can make cybersecurity professionals feel like "things are kind of everything, everywhere, all at once," said Black Hat conference founder Jeff Moss. How should they respond?

Many important efforts by the Cybersecurity Infrastructure and Security Agency to help the healthcare sector and other critical infrastructure sectors bolster their cybersecurity are likely to continue under the incoming Trump administration, predicted CISA Deputy Director Nitin Natarajan.

The first 100 days of the next Trump administration and new Congress will be critical in showing signs of what's potentially in store for the healthcare sector cybersecurity, privacy and related regulatory and legislative issues in the new year, said Chelsea Arnone and Cassie Ballard of CHIME.

As healthcare entities embrace generative AI tools, it's critical they take a holistic approach addressing privacy and security governance, said Dave Perry, digital workspace operations manager, St. Joseph's Healthcare in Ontario, who discusses how his organization is tackling those challenges.

Fully homomorphic encryption can safeguard highly sensitive health data related to rare diseases, underserved populations and clinical trials as it is shared with medical researchers, said Kurt Rohloff, co-founder and CTO of Duality Technologies, who said projects to apply it are underway right now.

Cyber incident details involving non-profit and non-government entities across sectors such as healthcare are not centrally reported and collected, creating gaps for researchers, IT experts and others seeking to analyze trends in their industries, said Stanley Mierzwa of Kean University.

One of the most important lessons emerging in 2024 for the healthcare sector is that entities should diligently prepare contingency plans for potential cyberattacks that seriously disrupt their critical third-party vendors, advises regulatory attorney Betsy Hodge of the law firm Akerman.

Washington and Nevada were among states enacting new data privacy laws in 2024, and that trend among states will likely continue into 2025 as the next presidential administration comes into office promising to reduce federal regulations, said attorney Melissa Crespo of law firm Morrison Foerster.