{"id":634249,"date":"2023-04-22T19:56:15","date_gmt":"2023-04-23T00:56:15","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/04\/22\/integrating-code-dark-into-healthcare-emergency-response\/"},"modified":"2023-04-22T19:56:15","modified_gmt":"2023-04-23T00:56:15","slug":"integrating-code-dark-into-healthcare-emergency-response","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/04\/22\/integrating-code-dark-into-healthcare-emergency-response\/","title":{"rendered":"Integrating &#8216;code dark&#8217; into healthcare emergency response"},"content":{"rendered":"<div property=\"content:encoded\">\n<p>CHICAGO \u2013 It&#8217;s the most valuable data on the dark web, and with 76% of healthcare organizations paying the ransoms, &#8220;we&#8217;re funding the attacks ourselves,&#8221; said Nate Lesser, Children&#8217;s National Hospital&#8217;s vice president and CISO.<\/p>\n<p>Ransomware is the chief concern keeping hospital and healthcare cybersecurity officers up at night, Lesser said at the 2023 HIMSS Global Health Conference &#038;\u00a0Exhibition here on Wednesday.\u00a0<\/p>\n<p>While budgets and reimbursements are down\u00a0and payroll is up, there&#8217;s not enough information security talent to go around even if the money were there, he said.<\/p>\n<p>To complicate matters further, artificial intelligence &#8220;is improving attackers&#8217; ability to launch highly sophisticated social engineering phishing attacks.&#8221;\u00a0<\/p>\n<p>Considering that the\u00a0average healthcare data breach lifecycle is 329 days and compromises the ability to deliver patient care, it&#8217;s clear that cybersecurity must be &#8220;a team sport,&#8221; said Lesser.<\/p>\n<p>He advised conference attendees to work within their organization&#8217;s existing incident response mechanisms to create and practice a cyber incident protocol that involves all employees \u2013 from facilities staff to surgeons.<\/p>\n<p>At Children&#8217;s, all the hospital&#8217;s employees are considered &#8220;force multipliers&#8221; \u2013 they know they have to act quickly to reduce &#8220;the blast radius&#8221; when a &#8220;code dark&#8221;\u00a0is called.<\/p>\n<p>Lesser said he was fortunate that an emergency response framework was already well-built at the hospital.<\/p>\n<p>&#8220;It&#8217;s all about folding it into things that are already working.&#8221;<\/p>\n<p>He said the hospital chose &#8220;code dark&#8221;\u00a0to trigger full-scale cyberattack response because employees are trained to respond to codes. To help contain the attack and improve\u00a0the speed of recovery after a cyberattack, employees are asked\u00a0take the following\u00a0steps:<\/p>\n<ul>\n<li>Disconnect workstations and internet-connected devices.<\/li>\n<li>Await instructions from the IT department before reconnecting computers.<\/li>\n<li>Report to managers for specific downtime actions.<\/li>\n<li>Know and follow emergency policies and procedures.<\/li>\n<\/ul>\n<h2>Hospital cyberattacks call for all hands on deck<\/h2>\n<p>Lesser added that in launching an organization-wide cyber response protocol, it&#8217;s critical to get executive leadership support and to partner with device owners, like radiology departments.\u00a0<\/p>\n<p>But &#8220;code dark&#8221;\u00a0won&#8217;t work unless employees exercise the steps, develop department policies, have downtime procedures in place, exercise more, train on downtime procedures and exercise all the steps again.<\/p>\n<p>It seems simple, but &#8220;none of this makes any kind of difference if you don&#8217;t put it in writing, if you don&#8217;t train your staff, if you don&#8217;t exercise,&#8221; he said.<\/p>\n<p>Exercise is so critical to operationalizing &#8220;code dark,&#8221;\u00a0because employees need to learn how to recalibrate for downtown procedures.\u00a0<\/p>\n<p>They can&#8217;t print downtime sheets when printers are offline\u00a0or access controlled medication if they don&#8217;t know where the key is to switch the automated medication dispensing system to downtime mode, he said. Exercise can prevent employees from feeling confounded if an attack were to initiate the procedure.<\/p>\n<p>To present cyber response protocols to individual teams and departments throughout the organization, &#8220;go to meetings that are already happening,&#8221; Lesser said.\u00a0<\/p>\n<p>He noted that calling and timing a &#8220;code dark&#8221;\u00a0is a &#8220;fine line&#8221; the hospital is still trying to figure out.\u00a0<\/p>\n<p>Also, &#8220;with a highly sophisticated ransomware attack that is compromising the main controllers and moving really quickly across the network, I&#8217;m not sure we&#8217;ll be able to call it in time,&#8221; he said.\u00a0<\/p>\n<p>&#8220;But I am sure that by having this conversation with your staff, you are automatically improving your chances.&#8221;<\/p>\n<p><em>Andrea Fox is senior editor of Healthcare IT News.<br \/>\nEmail:\u00a0<a href=\"http:\/\/www.healthcareitnews.com\/mailto:af**@***ss.org\" data-original-string=\"GzlPodLXa7JVst2R04Pu2A==7f4crY8gywUZE8PcWwlK7QVCA==\" title=\"This contact has been encoded by Anti-Spam by CleanTalk. Click to decode. To finish the decoding make sure that JavaScript is enabled in your browser.\" target=\"_blank\" rel=\"noopener\"><span \n                data-original-string='\/HUsDexJDGqgoATRB1i\/XQ==7f4VydQqG\/ZRQlweQNFTaTjxQ=='\n                class='apbct-email-encoder'\n                title='This contact has been encoded by Anti-Spam by CleanTalk. Click to decode. To finish the decoding make sure that JavaScript is enabled in your browser.'>af<span class=\"apbct-blur\">**<\/span>@<span class=\"apbct-blur\">***<\/span>ss.org<\/span><\/a><\/em><br \/><em>Healthcare IT News is a HIMSS Media publication.<\/em><\/p>\n<\/div>\n<p><a href=\"https:\/\/www.healthcareitnews.com\/news\/integrating-code-dark-healthcare-emergency-response\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Dion Menjivar<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CHICAGO \u2013 It&#8217;s the most valuable data on the dark web, and with 76% of healthcare organizations paying the ransoms, &#8220;we&#8217;re funding the attacks ourselves,&#8221; said Nate Lesser, Children&#8217;s National Hospital&#8217;s vice president and CISO. Ransomware is the chief concern keeping hospital and healthcare cybersecurity officers up at night, Lesser said at the 2023 HIMSS<\/p>\n","protected":false},"author":1,"featured_media":634250,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[37506,40818],"tags":[],"class_list":["post-634249","post","type-post","status-publish","format-standard","has-post-thumbnail","category-code","category-integrating"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/634249","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=634249"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/634249\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/634250"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=634249"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=634249"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=634249"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}