Dan Dodson, the CEO of Fortified Health Security, talks about the risks to hospitals, AI in attacks and defense, and what health systems can do to protect themselves.
Cyberattacks in healthcare have commanded national attention in recent weeks.
Dan Dodson, the CEO of Fortified Health Security, a cybersecurity firm, says hospitals and health systems must be wary of attacks targeting their own systems.
In the latest episode of Data Book, a podcast from Chief Healthcare Executive®, Dodson explains that hospitals also are vulnerable to attacks against the hundreds of vendors they rely on every day.
Attackers have learned they can gain access to millions of records by going after the companies working with health systems, Dodson says.
“If I'm successful in penetrating a third party, I can hit multiple different health systems, potentially getting multiple different data elements from many different systems,” Dodson says. “And so from the adversary’s perspective, it's attractive.”
It’s worth noting that this conversation took place before the Change Healthcare cyberattack, which has disrupted the entire healthcare industry. But Dodson’s assessment of the threat to hospitals from attacks on their partners has proven to be prescient.
“We're seeing the rise of third party attacks, because I can get a one-to-many impact,” Dodson says. “We're seeing large scale organizations be taken down to get the most amount of data out of the organization.”
Attackers have learned they can gain access to millions of records by going after the companies working with health systems, Dodson says. More than 100 million Americans were affected by cyberattacks on health organizations.
During the conversation, Dodson talks about the steps hospitals can take to protect themselves. He also talks about the growing role of AI in cybersecurity, and how AI can be used to repel attacks. He also explains that attackers are looking to use AI-powered tools to target organizations.
“This is not some person in their basement in a hoodie,” Dodson says.
“They're using AI, they're using the tools and developing new tools and new attack vectors to get into organizations,” he says. “And so that's something that we have to be mindful of.”
Healthcare leaders need to be very focused on cybersecurity, and organizations need to pay attention to their own vulnerabilities, and their vendors as well, he says.
Ultimately, all hospitals and health systems need to understand they are targets of cyberattacks, Dodson says. Large health systems are tempting targets because they have a high number of records and the resources to pay a hefty ransom. But even small systems are eyed by ransomware groups because they have fewer resources to repel attacks.
“All healthcare organizations are under attack every day,” Dodson says. “And so they're just looking for the easiest way to get in and compromise data. And that could be a large system, it could be a small system, it could be through a third party. I think we’ve got to be shields up kind of across the board.”