A CISO Sizes Up Healthcare Security Threats for 2018Sean Murphy of Premera Blue Cross Discusses the Cyber Challenges Ahead
In the year ahead, cyber threats to the healthcare sector will continue to evolve from attacks primarily involving the theft of health data to assaults aimed at disrupting organizations' operations, predicts Sean Murphy, CISO of health insurer Premera Blue Cross.
"I see more disruption in the industry around cybersecurity - it's more than data exfiltration as a concern. I see more ransomware attacks and denial-of-service attacks ... and more of an effort to disrupt the system, the critical infrastructure even more so than trying to get at the data," he says in an interview with Information Security Media Group.
"There's even been a change in how valuable the information itself is, and more emphasis from the adversaries - the nation-states, organized crime - on disrupting patient care or the industry in general to create that panic and fear."
But while healthcare combats those threats, it's also dealing with a shortage of cybersecurity experts who can help wage the battles, he says.
"I see a growing inability to get talent for cybersecurity in healthcare," he says. "There are so many of us competing for what is a very limited resource. So talent acquisition strategies are going to continue being top-of-mind for CISOs. There's just not enough resources to go around."
In the interview, Murphy also discusses:
- Lessons learned from the 2015 cyberattack on Premera Blue Cross that compromised the data of more than 11 million individuals;
- Top lessons emerging from the mega-breach revealed in September by credit reporting giant Equifax, which impacted about more than 143 million individuals;
- How a new collaboration between the Association of Executives in Healthcare Information Security and the Medical Device Innovation, Safety and Security consortium aims to improve information sharing among CISOs related to medical device cybersecurity.
As vice president and CISO at Premera, Murphy is responsible for providing and optimizing an enterprisewide security program and architecture that minimizes risk, enables business imperatives and further strengthens the company's security posture. Prior to joining Premera in July 2015, Murphy was vice president and health information security and privacy officer at Leidos, formerly SAIC. He has more than 20 years of experience in the healthcare information security field and is retired from the U.S. Air Force Medical Service Corps. Murphy is also a board member of the Association for Executives in Healthcare Information Security, a subgroup of the College of Healthcare Information Management Executives.