For hospitals defending against cyberattacks, patch management remains a struggle, Fierce Healthcare, ft. Marc Voses
Marc Voses, partner in the Kaufman Dolowich and Voluck New York City office, was quoted in an article by Evan Sweeney that was published in Fierce Healthcare on May 17, 2017.
Cybersecurity experts were disturbed, but not necessarily surprised at the WannaCry ransomware attack that ripped through more than 150 countries over the weekend. Many had predicted an attack of this size and scope was an imminent threat for some time, and most were relieved that U.S. hospitals and systems were generally spared.
Two specific issues have bubbled to the surface in the wake of that attack, highlighting the gaps that still exist within the healthcare industry with even basic cybersecurity controls.
Workforce shortages and patch management—two issues that often go hand in hand—raised concerns about the industry’s ability to fight of future attacks that may be even more targeted. Some of these concerns are addressed in a report from the Department of Health and Human Services’ Cybersecurity Task Force, which is expected to release next week.
Aside from the more pressing, immediate calls to update and patch IT systems and solidify backups, several experts that spoke with FierceHealthcare wondered how this event might shape cybersecurity in healthcare moving forward.
One positive takeaway: The attack will likely give hospital IT risk managers the “ammunition they need” to request more investment from hospital boards to get rid of old systems and software and invest in updated infrastructure, said Marc Voses, a partner at Kaufman Dolowich Voluck LLP in New York, New York.
“What I hope it doesn’t result in is business as usual because the U.S. wasn’t affected as much the U.K.’s healthcare system,” he said. “I hope it does spur spending an allocation of resources for these types of events. Not only that, but I hope the government will assist healthcare institutions in implementing cybersecurity.”