HIMSS25 panel provides tips on combating cybersecurity threats

LAS VEGAS – At the HIMSS Global Health Conference & Exhibition here, Jon Moore, chief risk officer and senior vice president of consulting services and client success at Clearwater Security and Compliance, and Michael Gross, manager of cyber intelligence at the Cleveland Clinic, discussed how to stay on top of threats through intelligence sources.

In their talk titled, “Mastering Cyber Threat Intelligence to Protect Patient Safety,” Moore and Gross said it is vital to understand how to interpret and leverage threat intelligence.

“It’s hard to miss the daily announcements of some sort of ransomware attack or cyberattack,” said Moore.

“The attacks are becoming more and more sophisticated,” Gross added.

Because cyberthreats are escalating in frequency and severity, staying on top of threats through intelligence sources is vital. 

One way to do that, according to Moore and Gross, is to incorporate threat intelligence into a holistic cybersecurity strategy.

Another is to describe the varying sources of cyber threat intelligence (CTI) data and what information can be gathered from each.

The pair said it is important to distinguish between different tactical cybersecurity strategies, and to understand how each is leveraged as part of a larger cybersecurity strategy, because healthcare organizations are open to attack by global threat actors.

Moore and Gross cited data that said 244 threat actors exist and are targeting U.S. industries as a whole, with 114 going after the U.S. healthcare industry.

Seventy-five breaches that were the result of hacking were reported to the Office for Civil Rights in the last 12 months.

“The frequency of the attacks is just startling,” said Moore. 

Attacks against healthcare are increasing, with 2,018 average weekly attacks on healthcare, a 32% increase over last year, the pair said.

Patient safety is also a growing concern: according to Moore and Gross, data has shown that 22% of providers who had a ransomware attack reported increased mortality rates following the attack.

“Attacks can impact lives of patients who are depending on those systems,” said Gross.  

Moore said it can take one to three months for an institution to recover from a ransomware attack, which can have financial implications. 

CTI, he said, is the collection and analysis of data related to current and emerging cyberthreats, providing insights into attacker tactics, techniques and motivations, as well as key indicators of compromise (IOCs), enabling organizations to proactively detect, prevent and respond to cyberattacks.

The benefits include understanding potential security threats, responding to incidents faster and reducing costs associated with data breaches.

Types of CTI include tactical, which focuses on the techniques, tactics and procedures of specific cyber adversaries and operations, providing specific information on how a threat actor operates, including their motives, capabilities and potential next steps based on how they have behaved in the past.

There is also the strategic type, which provides a broad view of potential threats and their implications to help make informed decisions about resource allocation, policy updates and long-term planning.

The six stages of the CTI life cycle are planning and direction, collection, processing, analysis, dissemination and feedback.

Sources of CTI in healthcare include the FBI, Health and Human Services (HHS), and the Cybersecurity and Infrastructure Security Agency.

According to Moore and Gross, it’s also a good idea to analyze for patterns, looking for unusual activity, trends and anomalies in behavior.

They also recommended assessing vulnerabilities and risks, determining which threats apply to your environment, and prioritizing the response.

When it comes to leveraging CTI, Moore and Gross recommend integrating it into security tools, conducting threat hunting, informing incident response, improving vulnerability management, and enhancing awareness and training.

The presenters said it is advisable to move from a reactive to a proactive approach. 

For example, organizations can integrate CTI with threat detection, enhance incident response, inform risk management, empower team collaboration, and adopt a proactive and evolving approach to stay ahead of emerging threats.

They asserted that long-term cybersecurity strategies are essential for organizations to stay ahead of evolving threats and ensure sustained protection of sensitive data and critical systems.                  
