Search AFCEA Site

Enable breadcrumbs token at /includes/pageheader.html.twig

The Significance of Cybersecurity in Global Health

Funding, awareness and threat information sharing are crucial for the health and safety of all, says Health-ISAC CSO.
By Nuray Taylor
The growing modernization of the health sector creates room for opportunities and vulnerabilities. Credit: tashechka-stock.adobe.com
The growing modernization of the health sector creates room for opportunities and vulnerabilities. Credit: tashechka-stock.adobe.com

From ransomware to phishing scams, cyber crime numbers are on the rise and criminals are even more aggressive than before, with tools like generative artificial intelligence at their disposal. For the health sector, these cyber threats could mean serious consequences for lifesaving operations.

One of the largest examples of this has been the data breach that targeted Change Healthcare—a subsidiary of UnitedHealth since 2022—in February 2024 and has consequently affected about 190 million patients across the United States. That number had reportedly increased from the original 100 million people in January. Though the company paid $22 million in Bitcoin in ransom, sensitive health data and patient information were leaked. 

A May 17 hearing before the Energy and Commerce Oversight and Investigations Subcommittee summoned UnitedHealth CEO Sir Andrew Witty to comment. In his statements, Witty spoke about ongoing investigations on why multifactor authentication (MFA) was not used in a particular service, leading to vulnerability and large-scale attacks.

SIGNAL Media reached out to UnitedHealth Group for comment. In response, a spokesperson directed SIGNAL Media to a United Health Group Frequently Asked Questions link, which provides in-depth analyses on what caused the breach and what the group is doing to mitigate such threats in the future.

To discuss this further, SIGNAL Media spoke with Errol Weiss, chief security officer (CSO) at the Health Information Sharing and Analysis Center, commonly referred to as Health-ISAC.

“Between Change Healthcare and then Ascension Hospital systems, one of the root causes in both of those incidents were lack of MFA on remote accounts,” he stated. Weiss spoke on key areas users should prioritize to safeguard their systems—MFA was one of the four he listed. In addition to the crucial need for MFA for remote access, Weiss mentioned the importance of regular audits to upkeep MFA for all employees, especially those with privileged access to data. Many successful attacks can be traced to a lack of policy implementation, he said.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Another cybersecurity component Weiss emphasized was patch management. “There are just countless examples of modern-day systems being vulnerable to issues that were identified 10-12 years ago,” he stated. Cybersecurity and Infrastructure Security Agency’s (CISA’s) Known Exploited Vulnerabilities Catalog is a valuable tool that helps pinpoint what is being actively exploited by cyber criminals, Weiss added. “We, as a society, health sector certainly, not just in the U.S. but globally as well, are just doing an awful job of staying up to date on patches, and so that’s probably one of the big ways that these exploits are happening.”

Many also overlook third-party providers that could threaten their organization’s systems, Weiss offered. Capabilities such as electronic health records, medical equipment and outsourced lab work must all be reviewed for proper cyber hygiene.

Referring to the recently published 2025 Health Sector Cyber Threat Landscape report, Weiss also spoke on ransomware attacks. All critical systems and data must be backed up, he said. “More importantly, it’s making sure that those backups work as intended,” Weiss suggested. “Let’s practice full restoration; let’s build a brand-new system from the ground up and make sure we can restore it, restore all the data and be back up and running as quickly as possible.”

A common mistake, Weiss mentioned, is organizations believing their backup is running until an urgent call for a backup that fails to operate.

The Health-ISAC CSO also spoke on the importance of threat information sharing. “I’m a big proponent of information sharing and collaboration being a way for organizations to better protect themselves, but also as a way for the individual to learn and be able to get information about what other organizations have implemented in terms of best practices,” Weiss said. These regular discussions on data loss prevention policies, suggestions for chief information security officers (CISOs), etc., help organizations prevent future threats. 

For a global organization like Health-ISAC, which has a membership community of about 1,000 institutions in more than 140 countries—hospitals, medical device manufacturers, pharmaceutical companies, pharmacies, health information technology companies, university health systems, insurance companies—this type of information sharing is crucial for a highly vulnerable sector.

“One of the reasons I would say we’re vulnerable is just from the history of being underfunded in cybersecurity,” Weiss mentioned. This is, in fact, part of the reason he took on his current role six years ago. “Part of it was to help educate so that they could get the funding that they need.”

Third-party providers are often overlooked when it comes to cybersecurity concerns, said H-ISAC Chief Security Officer Erroll Weiss. A self-check-in counter is one example of such cases. Credit: Elena-stock-adobe.com
Third-party providers are often overlooked when it comes to cybersecurity concerns, said H-ISAC Chief Security Officer Errol Weiss. A self-check-in counter is one example of such cases. Credit: Elena-stock-adobe.com

Weiss was initially brought onto the Health-ISAC team to help build out the threat operation center, which now employs analysts who maintain regular threat information sharing with members across the globe. 

One of the reasons for sharing annual threat reports is to help spread awareness of cybersecurity in the health sector, Weiss said. Reports like these can be shared with leadership to showcase “the things that we need to be focused on in 2025 and beyond, and I don’t have the budget to support these kinds of threats. We need more resources.”

This is especially true for smaller rural hospitals within underserved communities, Weiss emphasized. “Those organizations are struggling to survive economically, let alone catch up on all these cybersecurity issues,” he stated. He has had an idea to help sponsor a virtual CISO program through federal funds or other available grants. “We could get a CISO on a part-time basis at these organizations to help them develop a strategic program and then help create the necessary budget ... and then again help that organization execute that plan.” For organizations that cannot afford a full-time CISO, this part-time plan, which has proven effective in the past, could be a saving grace.

Finally, partnership and collaboration with the federal government have played a key role in threat mitigation for the health sector. Regular meetings with the Health Sector Coordinating Council Cybersecurity Working Group have been pivotal in providing strategic best practices in cybersecurity. For example, the council has provided resources on pandemic response, return to work orders, incident response, recovery strategies, checklists and more. 

“That group was really instrumental in terms of helping to get our government counterparts together with the private sector counterparts on a regular weekly or biweekly basis,” Weiss said. The meetings would include analysts and representatives from the Health and Human Services, CISA and Health-ISAC. 

As of February 28, several meetings with federal government representatives had been paused until further notice.

Enjoying The Cyber Edge?
The Cyber Edge is part of SIGNAL Magazine. Subscribe or join AFCEA to receive SIGNAL and its award winning news.
SUBSCRIBE NOW
LEARN MORE
JOIN AFCEA

Related Cyber Content