COVID-19 Cyber Security Challenges – Healthcare

Interview Transcript

28th July 2021 Atheneum Team

Expert Profile

Role: Current Director Information Technology Security

Organization: WellStar Health System

Bio:

Weimin has had 23 years of professional experience in the IT strategy industry, especially in the area of healthcare, with experience gathered at companies like WellStar Health, OhioHealth and Providence Health & Services, where he managed their entire IT strategy landscape. At WellStar, as the Director of IT Strategy, he is accountable for digitalising large parts of their processes and has helped deepen their cybersecurity strategy.

Section 1: Current Cyber Security Trends and Challenges

1.1. What is your organization’s approach to cyber security?

There are a few things. One is to protect information assets, specifically the information that has PHI and PII information; that remains our ultimate goal. There is a mega trend: the first thing is how to protect the perimeter. Traditionally we are looking at the network as our perimeter. We put firewalls and all the security measures to protect the perimeter. But that is no longer true. One of the major reasons for this change is that a lot of people are working from home now. It’s no longer office based in a building. So, everything is controlled. You can log in from anywhere in the world. And from that point you need to have access to those information assets to do your job. So, the perimeter protection is sometimes no longer applicable to those types of situations. So, the trend is that we’re going to break down those perimeters; instead of the perimeter of the network, we’re going to protect each workload, each application access and each session. So, this is some of the new technology, and it would really start having a shift in the market in terms of technology to protect this new perimeter.

1.2. What are the current cybersecurity priorities?

We want to concentrate on a few things. One is data loss prevention: we want to prevent any sensitive data from getting out of our control. So that’s one of the first things we want to focus on. We put a lot of money, effort and staff into this initiative.

The other major area is how do we posture ourselves so that we reduce the chance of being targeted by some of the malware attacks, such as ransomware.

We don’t want to be a target, and maybe because we have invested a little bit of extra metal, hopefully this turns people off. So those are the two major things that I think, as a leader within security, I am really trying to achieve here for our organization.

1.3. What are your current cybersecurity challenges?
1.3.1. COVID 19

One is that my staff and my whole organization used to be working from the office, but now all those people are working remotely. That has put strain on some of the infrastructure because we never designed for it to take in so much load from remote working. That is one of the things we have been working on, making sure our network capacity and some of the server capacity with data syncing is able to deal with this extremely high working load.

The other thing is my focus on protection of our information assets; it’s about data loss. So how do we set up a policy within each device to make sure that if anything happens, we’re able to stop it? For example, maybe people share certain sensitive information to some domain that we think is not safe. So, we need to really continue to modify or update those lists so that those protections can be most effective. So COVID 19 is in a way good because now we really pay attention to something that we normally don’t pay too much attention to. Now it is something up in front that we need to deal with.

1.3.2. Cloud security

Cyber security in the cloud space has always been a challenge. The challenges, I think there are a few; one is the knowledge base. Cloud computing is something new to a lot of us, so there’s a learning curve in how to manage security within that type of environment. And each vendor may have a different set of tools, and how do we leverage that?

The other one is, how do we make sure that some of the security controls that we have implemented for our data center (we call it the on-premise data center) can be implemented within the cloud space as well? And the other challenge is that we feel like sometimes we don’t have full control of the environment, even though, you know, this maybe has to do with the skill sets too, but for the most part, I think it’s a learning curve.

The third part really has to do with the technology itself, because it’s continually evolving, and how do we keep that up so that we can continue to operationalize some of the security operation? That is another very huge challenge for us, because we have a relatively small team and a lot of ground to cover, but with this new enterprise and its new platform it is very hard to keep it up.

The fourth part is about regulation and compliance. Within health care, we have a very highly regulated environment. The patient privacy on top of regular information security. So how do we make sure that we have an auditing system built around both our data center as well as the cloud space in a way that is able to detect some of the anomalies in a timely manner, and to remediate some of the things we need to, so we continue to be compliant? That is always very challenging for any operation. So those are the four things I think we will be working very hard on.

1.4. What are companies doing so that the challenges brought by COVID 19, remote working and cloud security could be reduced?

First, we need to have organizational changes, the team working on those things. It’s not just the technology; as we all know, we need to start from the very top of the organization, looking at the overall security needs. Especially with some of the impact from the pandemic, what are some of the policy procedures we need to have, based on the requirements from our business and compliance needs?

Once we have policy procedures, we usually do regular gap analysis, looking into the technology we have, looking at the process, and looking at the staffing we have in order to run this operation, to continue to maximize the protection we have for our information assets, and see what gaps are still there.

Based on that gap, we then design the plan in terms of whether or not this leads to process improvement. Maybe this has to do with system integration, or maybe we need to simply hire more people, or we need to buy a new technology to beef up a certain area with security. So, I think it involves multiple layers and effort from multiple teams to try and address the risks.

Section 2: Post COVID Strategies and Outlook

2.1. Have there been changes in the CS landscape during the pandemic?

For the post pandemic, it has to do with the continuation of the things we have started during the pandemic. There will be some changes from the operation perspective, potentially, in terms of how we construct the team. How we get our work done, that’s probably going to be permanent, even though one day the pandemic will be totally behind us. But, as we have gone through this whole thing, we actually by accident find that sometimes, by doing something an alternative way, it is more effective.

People may forever work remotely, and some of the tools that we put into place, maybe they’re more effective compared to some of the conventional tools before the pandemic. Team communication, maybe it’s more efficient now, because now we use Teams and Zoom. We can use this as a second choice, the first choice being meeting in person. So, all these changes combined together will be creating a working environment that is more efficient but also cutting down some of the unnecessary meetings, because now we are able to chat right away.

From a strategic perspective for information assets protection for cyber security, I think we definitely learned a thing or two during the process. We can continue with some of our efforts, to continue to protect our endpoints, to build a zero trust model for access to our information assets, and to continue the innovation in terms of policy procedures we built for those tools, to maximize the usage of the tools.

I think it is not going to be some earth-shattering new technology per se; it’s more building on to some of the things that we already started with.

2.2. What has been the impact of these key changes or key developments since COVID started on your business?

In terms of numbers, I will estimate it to be around 30% to 40% change. This is mainly based on the working setup, with most people working remotely. By and large it is the single largest category of change we have experienced in cyber security for healthcare organizations.

2.3. Have you seen change in the customer or client CS attitudes since COVID began?

I would say yes. People are more vigilant about cyber security. The training, of course, we increased some training efforts as well. Overall, I think because of working from home we implemented certain tools specifically to add a little extra protection for the people working remotely. And so, I think the awareness of cyber security is definitely better compared to pre-pandemic.

2.4. What new risks are you now preparing for in the post-COVID world?

The new risk really has to do with engagement; we now have people working remotely. Obviously, how do we make sure that at least you have a chance to measure the productivity? And how to get used to continuing to have the people engaged with various different tasks, so they do not feel bored? That is going to be pretty challenging as a leader and, as a matter of fact, to any people within the field. And so that’s one thing from the organization structure perspective.

From a technology perspective, I think it really has to do with the new tools that need to come out. As I mentioned earlier, zero trust is the model that we are moving towards. If that is the model, we don’t really have a whole lot of choices at this time. And people are really starting to put some of the innovation and research money into this field.

Now if this really comes to fruition, a lot of team organization is going to spend time on shifting towards that model, so there is another wave of technology transition or technology transformation. I would predict, after 12 months of this pandemic, we will see a lot of new technology within cybersecurity to tailor some of the tool sets to the new working environment and to address remoteness both of patients, as well as staff.