Every other week, co-hosts Audra Streetman and Kirsty Paine interview security experts about the cyber threat landscape across various industries.
Episode five features an interview with Zach Nelson, Assistant Vice President of Health-ISAC's Threat Operations Center. In his role, Zach oversees various critical daily operations, including managing Health-ISAC's indicator threat sharing and bidirectional threat information sharing programs. Read the top takeaways from his interview, or download the full episode.
Nelson emphasized the significance of being part of an information sharing and analysis center (ISAC), especially in the healthcare sector, where budgets are often limited. These organizations provide a platform for sharing cyber threat intelligence, best practices and targeted alerts among members. Collaboration and information sharing help organizations stay resilient against cyberattacks and protect critical infrastructure sectors like healthcare.
“It's tailored to just about anybody, whether you want to be a fly on the wall and just get the information that you need, or if you're looking to really show off what you're capable of, or if you're looking for best practices, to share cyber threat intelligence,” Nelson said.
Cyberattacks targeting healthcare organizations have been on an upward trajectory, according to Nelson. Ransomware groups increasingly target healthcare organizations due to perceived vulnerabilities and the value of patient data. Nelson mentions the role of intelligence partners in providing telemetry data to help the healthcare sector defend against ransomware attacks.
“I think that's also a point of collection for a lot of organizations as they can start to look at that data and look past the indicators of compromise and begin to realize why attribution is very difficult,” Nelson explained. “They can start modeling and predicting what may occur in the future that will help them better reduce their attack surface.”
Nelson also highlights the complex dilemma healthcare organizations face when dealing with ransomware attacks. While he discourages paying ransoms, to avoid perpetuating the ransomware ecosystem, he acknowledges the potential gray area when patient safety is at risk. Downtime can endanger patients' lives, making the decision more challenging. Finding a balance between removing financial incentives for attackers and ensuring patient care is crucial.
“That's where I think your tabletop exercises come into play, to make sure that everybody is aware of what should occur should that event happen within your facility,” Nelson said regarding ransomware attacks on healthcare facilities. “That way business can continue to keep moving on as it should and you continue to protect those patients.”
Listen to the full interview to hear Nelson’s concerns about nation-state activity targeting healthcare, the use of generative AI for phishing attacks and the importance of cybersecurity standards for medical devices.
To learn more about The Security Detail podcast, visit thesecuritydetail.podbean.com.