CODE DARK: A Creative Approach to Cyberattacks

April 19, 2023
On April 19 at HIMSS23, Nate Lesser, vice president and chief information security officer, Children’s National Hospital, outlined the current cybersecurity landscape and his organization’s collaborative response plan

On the third day of HIMSS23, April 19, being held at McCormick Place Convention Center in Chicago, in an education session entitled “Code Dark: Finding Force Multipliers in Hospital Cybersecurity,” was presented by Nate Lesser, vice president, chief information security officer, Children's National Hospital.

Washington, D.C.-based Children’s National Hospital is celebrating its 150th anniversary this year and has more than 8,000 employees. According to Lesser, the organization is reliant on information technology for all aspects of care and is the only pediatric hospital in the region.

“Everyone is responsible on some level for information security at their organization and we, as cybersecurity leaders, need to figure out how to make that a reality for all of our staff across the entire organization,” Lesser said.

Lesser then explained that cybersecurity attacks are increasing and that medical records are extremely valuable on the dark web. For 12 consecutive years the healthcare industry had the highest average cost of a breach.

Lesser noted that there has been an increase in ransomware attacks on healthcare organizations. “At the end of the day, hospitals are just getting hammered and those who haven’t had a major outage due to ransomware are constantly feeling like, ‘we’re next,’” Lesser said.

Beyond ransomware, Lesser noted, business email compromise attacks increased by 81 percent in 2022 and 175 percent over the past two years. The question, he said, is “How do we balance highly sophisticated engineering phishing and at the same time contend with nation-states and other sophisticated attacks?”

Hospital budgets are not only tight, but there is also a shortage of information security professionals across all industries, not just healthcare. Lesser commented that there are currently 750,000 information security job openings in the U.S.

Right now, according to Lesser, there is a paradigm shift in the industry. “We need force multipliers to overcome the headwinds of increasing attacks and decreasing resources,” he said. Organizations should consider automation, outsourcing/hybrid staffing, and collaboration (external and internal).

Lesser stressed the importance of collaboration. “Cybersecurity is a team sport,” he said. “We need to work together across the entire community, across the entire hospital staff or system, or region and do a better job of collaborating.”

Next, Lesser explained a method that he uses at Children’s National Hospital, dubbed “CODE DARK.” Hospitals have color codes, he noted, saying that there’s code blue, a code color for an active shooter, and even hurricanes. CODE DARK is a code that will be called when a hospital is actively combatting a cyberattack. The DARK in CODE DARK stands for:

  • Disconnect your workstation and internet connect devices.
  • Await instructions from your IT department before reconnecting computers.
  • Report to your managers for department specific downtime actions.
  • Know and follow your department’s emergency policies and procedures.

Regarding how this practice got started, Lesser said, “One of our senior medical leaders said to me that if he saw a ransomware message on his laptop, he’d throw it out. We needed to figure out a way to communicate better.”

“At the end of the day, we all need to put more attention into the response and recover side and all work together to try and shift the paradigm of massively increasing attacks, decreasing resources, and still figure out how to get ahead of the curve,” Lesser concluded.

Sponsored Recommendations

Data: The Bedrock of Digital Engagement

Join us on March 21st to discover how data serves as the cornerstone of digital engagement in healthcare. Learn from Frederick Health's transformative journey and gain practical...

Northeast Georgia Health System: Scaling Digital Transformation in a Competitive Market

Find out how Northeast Georgia Health System (NGHS) enabled digital access to achieve new patient acquisition goals in Georgia's highly competitive healthcare market.

2023 Care Access Benchmark Report for Healthcare Organizations

To manage growing consumer expectations and shrinking staff resources, forward-thinking healthcare organizations have adopted digital strategies, but recent research shows that...

Increase ROI Through AI: Unlocking Scarce Capacity & Staffing

Unlock the potential of AI to optimize capacity and staffing in healthcare. Join us on February 27th to discover how innovative AI-driven solutions can revolutionize operations...