CISA's Deputy Director Stresses Need for Cyber-Safe Hardware and Software

April 8, 2024
During the annual HIMSS conference, CISA’s deputy director cautioned the audience on the state of cyber in healthcare

Deputy director for the Cybersecurity and Infrastructure Security Agency (CISA) Nitin Natarajan spoke last month on the state of cybersecurity in healthcare at the annual HIMSS conference in Orlando.

In a cybersecurity preconference, he informed the audience that the CISA represents sixteen interdependent sectors. As Natarajan explained the threat landscape, he expressed that there has been a change in the adversary and victim landscape. For adversaries, it’s easier to attack. “There are now attacks in rural areas,” he said, “the combination is precarious.”

Natarajan advised pushing the industry to create safe products. “Security should be built into devices,” he noted. He cautioned that there needs to be increased awareness concerning the hardware and software that is being bought. “The secure by design effort is a global effort.”

Natarajan explained risk as a three-legged stool: identification, mitigation, and acceptance. In a joint effort with the U.S. Department of Human Health Services (HHS), CISA is providing free resources, including toolkits and tabletop exercises, to build resilience, he said.

An audience member expressed concern about people who fear reporting incidents out of fear of retribution. “How do we make a safe space for people to report incidents?” they asked. “We are punishing people who do the best they can with the resources they have.” Natarajan answered, “we don’t want to victim shame.” It’s important to report incidents, he said, “we look to help, and to help prevent others from becoming victims.”

We want to pivot away from blaming, Natarajan said, instead we want to talk about building resilience. “How do we bounce back quicker and recover in a timelier matter.” Obtaining timely information is key, he said. “We don’t want to become a burden. We want to protect other organizations.”

Sponsored Recommendations

Patient Engagement and ML/AI – Modern Interoperability as an enabler for value based care

Discover how modern interoperability empowers patient engagement and leverages ML/AI for better outcomes in value-based care. Join us on June 18th to learn how seamless data integration...

New Research: The State of Healthcare Cloud Security and Compliance Posture

Compliance & Security Debt Awareness Could Have Prevented Change Healthcare & Ascension Healthcare Breaches

Telehealth: Moving Forward Into the Future

Register now to explore two insightful sessions that delve into the transformative potential of telehealth and virtual care management solutions.

Telehealth: Moving Forward Into the Future

Register now to explore two insightful sessions that delve into the transformative potential of telehealth and virtual care management solutions.