Earlier this year, the Health Information Sharing & Analysis Center (H-ISAC) announced that Salwa Rafee would be hired as the organization’s vice president of global development. Rafee comes to H-ISAC having previously worked at IBM as global security and data privacy leader for the public sector. According to H-ISAC—a community of critical infrastructure owners and operators within the global health sector—“Rafee brings tremendous industry experience in healthcare as well as cybersecurity domain knowledge expertise gained during a celebrated 15-year tenure with IBM.” Before working at IBM, Rafee was a global director at Siemens Medical Solutions.
H-ISAC’s global membership includes more than 3,000 security analysts. What attracts this growth, organization leaders contend, is the sharing of high-fidelity threat intelligence and best practices, and access to intelligence tools and a trusted network of health industry peers. With member organizations based in over 150 countries, Rafee will be working on representing H-ISAC membership growth, as well as educating new markets on healthcare security.
Rafee recently spoke with Healthcare Innovation about her role, H-ISAC’s core priorities moving forward, and the evolving cybersecurity threat landscape. Below are excerpts of that discussion.
[Editor’s note: You may learn more from Salwa at the Summer 2020 Virtual Cybersecurity Forum scheduled for Thursday, July 16, 2020. Salwa will be presenting along with five other security experts. Registration is complimentary for cyber practitioners working in healthcare delivery, life science and payer organizations. A small fee applies to vendors and consultants. Learn more and register at: https://endeavor.swoogo.com/Summer_Virtual_Healthcare_Innovation_Cybersecurity_Forum]
Congrats on your recent appointment. Can you describe some of the core initiatives you will be working on at H-ISAC right away?
H-ISAC is making a significant investment with my hire, and this highlights the intent for the organization to go big globally. We have been a global organization, though traditionally focused in the U.S. The plan for us is to reach all the global entities from pharma to hospitals to medical device manufacturers overseas. My area of focus will mostly be on European Union (EU) countries, Asia, the Middle East, and Africa. The sky is the limit, and our focus is to enrich the sharing of information. The mandate here is to share threat intelligence amongst our members. We are going worldwide and going strong.
We’re also looking at global regulations. The FDA has been a great partner and we continue to work for them when it comes to medical device security and healthcare intelligence, and how we’re empowering and improving the posture of our hospital and private company partners. The plan is to work with Health Canada and the EU regulatory authorities—the ones in France and Germany in particular—while also working very closely with Australian and Japanese regulators. We want to shed light on how these regulations are converging, as well as where they differ. We want to make it easier for manufacturers, as an example, to sell overseas; or the other way around by making it easier for them to comply with FDA regulations.
Certainly, cyber and physical security threats don’t stop at the border of any country. What can we learn from global cybersecurity experiences that could be applied here in the U.S.?
Take COVID-19, for example: how is that impacting our physical security here and the cybersecurity across different hospitals, ministries and departments of health? Pandemics like that have become global rather than just localized.
The WannaCry attack was one of the largest ransomware attacks and it was a wake-up call for all of us. The medical devices were the part that affected us here in the U.S.; we discovered that our medical devices could easily be penetrated and affected by all different vulnerabilities, especially operating on the Windows operating system. We also get our medical devices manufactured with different supply chain sources, coming from China, Europe and New Zealand. There are vulnerabilities there that could be exploited.
As far as lessons learned, H-ISAC is forming a global community of industry players—the good guys—and we need to be in this together. Hospitals cannot stand up to these attacks and threats alone. We share with all our members what’s happening on the dark web, as well as daily cyber headlines and real-time threats. We need to keep all the security teams in the loop of what’s happening. Eliminating false positives is one of our mandates here.
H-ISAC has established itself as a leader in this space for sharing intelligence. Can you speak to the importance of cyber professionals attending industry events and networking?
We invite all our cybersecurity professionals and their teams to attend our events. These have been tremendous learning experiences for security professionals. We have our threat operational center at the H-ISAC headquarters (in Ormond Beach, Fla.), and this team acts as an extension of the security department for all our members.
Imagine hospitals and other organizations that have 200 or 300 security professionals; we serve as a centralized security team extension to all our members, giving each one of them scalability, and the ability to combat, be proactive, and be resilient with cyberattacks. We partner with organizations such as Healthcare Innovation, HIMSS, and others so we can provide a way for all of us to share and be proactive.