Connected Health 2015: Legacy systems, BYOD among top healthcare security challenges

The use of legacy electronic systems by providers and the more frequent implementation of bring-your-own-device policies represent some of the top challenges to healthcare cybersecurity, at least in the eyes of the Federal Bureau of Investigation.

Speaking Monday at the HIMSS Connected Health Conference just outside of the District of Columbia, Donald Good, deputy assistant director of cyberintelligence and outreach at the FBI, also said the mandatory transition from paper to electronic health records has been difficult from a privacy and security perspective, noting that there's a higher payout on the black market for such information because it's so detailed.

Good said his agency in recent months has worked very closely with the Department of Health and Human Services on some of the industry's more high-profile breaches, including the hacks of Community Health Systems and insurers Anthem and Premera. Unfortunately, he said, no matter how hard the FBI works, the damage is done.

"At the end of the day, the data is already gone," Good said.

To that end, he encouraged all industry stakeholders to not only have a disaster recovery plan in place in the event of a breach, but also a close working relationship with law enforcement.

"Speed matters," Good said. "If you see something, and you want to engage us, the sooner you engage us, the better because the information moves very, very quickly. ... These crimes quickly go outside of their local jurisdiction and state."

Good said that even if the FBI can't recover the breached information, it's still important for organizations to reach out to law enforcement, as it can help them realize how and why they lost their information.

"We can help you learn from what happened," he said. "We can make you more resilient. This is a problem everybody faces. I don't care which segment you're in, but at some point, pretty much everybody faces it."