Combating Cyber Security Threats: Expert Insights from HIMSS25 Panel
At the recent HIMSS Global Health Conference & Exhibition in Las Vegas, a panel discussion titled "Mastering Cyber Threat Intelligence to Protect Patient Safety" shed light on the growing threat of cyber attacks in the healthcare industry. Led by Jon Moore, chief risk officer and senior vice president of consulting services and client success at Clearwater Security and Compliance, and Michael Gross, manager of cyber intelligence at the Cleveland Clinic, the panel highlighted the importance of understanding and leveraging threat intelligence to stay ahead of these threats.
"It's hard to miss the daily announcements of some sort of ransomware attack or cyberattack," said Moore. "The attacks are becoming more and more sophisticated." Gross added that cyberthreats are escalating in frequency and severity, making it crucial for healthcare organizations to stay on top of threats through intelligence sources.
Moore and Gross emphasized the need to incorporate threat intelligence into a holistic cybersecurity strategy. They also discussed the varying sources of cyber threat intelligence (CTI) data and what information can be gathered from each. The pair stressed that it is vital to distinguish between different tactical cybersecurity strategies and to understand how each is leveraged as part of a larger cybersecurity strategy, especially given how open healthcare organizations are to attack by global threat actors.
According to Moore and Gross, 244 threat actors are targeting U.S. industries as a whole, with 114 going after the U.S. healthcare industry. This has led to an alarming number of breaches, with 75 reported to the Office for Civil Rights in the last 12 months. The frequency of attacks is startling: healthcare faces an average of 2,018 attacks per week, a 32% increase over last year.
Patient safety is also a growing concern, as data has shown that 22% of providers who had a ransomware attack reported increased mortality rates following the attack. "Attacks can impact lives of patients who are depending on those systems," said Gross. Moore noted that it can take one to three months for an institution to recover from a ransomware attack, which can have significant financial implications.
Moore and Gross defined cyber threat intelligence (CTI) as the collection and analysis of data related to current and emerging cyberthreats, providing insights into attacker tactics, techniques, and motivations, as well as key indicators of compromise (IOCs). The benefits of CTI include understanding potential security threats, responding to incidents faster, and reducing costs associated with data breaches.
There are two main types of CTI: tactical and strategic. Tactical CTI focuses on the tactics, techniques, and procedures of specific cyber adversaries and operations. It provides specific information on how a threat actor operates, including their motives, capabilities, and potential next steps based on how they have behaved in the past. Strategic CTI provides a broad view of potential threats and their implications to help make informed decisions about resource allocation, policy updates, and long-term planning.
Moore and Gross also discussed the six stages of the CTI life cycle: planning and direction, collection, processing, analysis, dissemination, and feedback. They highlighted various sources of CTI in healthcare, including the FBI, Health and Human Services (HHS), and the Cybersecurity and Infrastructure Security Agency.
When it comes to leveraging CTI, Moore and Gross recommended integrating it into security tools, conducting threat hunting, informing incident response, improving vulnerability management, and enhancing awareness and training. They emphasized the need to move from a reactive to a proactive, evolving approach to stay ahead of emerging threats: integrating CTI with threat detection, enhancing incident response, informing risk management, and empowering team collaboration.
Long-term cybersecurity strategies are essential for organizations to stay ahead of evolving threats and ensure sustained protection of sensitive data and critical systems. By understanding the importance of CTI and leveraging it effectively, healthcare organizations can significantly reduce their risk of cyber attacks and protect patient safety.