Taking Healthcare Cybersecurity From Education to Action
Much farther north, Rich Ingersoll joined St. Lawrence Health, which includes the 94-bed Canton-Potsdam Hospital, in late 2019 as director of systems engineering and architecture after working at Cisco for nearly 20 years.
His goal from day one: Shore up cybersecurity. This meant making investments in modern tools and services, such as managed detection and response from Arctic Wolf; secure remote access with multifactor authentication; and governance, risk management and compliance software. It also included process improvements, such as creating incident response playbooks and conducting tabletop exercises.
To make the case for these types of investments, Ingersoll and St. Lawrence Health CIO Lyndon Allen base their annual financial plans on systemwide security audits. These help the health system view security and disaster recovery as high priorities, Ingersoll says.
A Ryuk-variant ransomware attack in October 2020 put some of the health system’s hospitals to the test.
“We were able to implement continuity of care, and we never lost EHR access in our clinics,” Ingersoll says. “We were diverting ambulances for a little bit, but we weren’t down very long. If we had had to turn cancer patients away, that would have been devastating.”
Once hospital operations returned to normal, Ingersoll used the attack as a learning opportunity. “One of the biggest lessons was that not everybody needed email,” which had been the attack vector, he says.
The Long-Term Impact of Improving Disaster Recovery Postures
New technology, better training, improved processes and a willingness to learn all help rural hospitals improve their disaster recovery posture. And with guidance from federal agencies such as the National Institute of Standards and Technology, the tide is shifting toward a more coordinated, holistic approach to cybersecurity.
At CalvertHealth, Hall says it also helps to keep in mind disaster recovery’s impact on the wider community. The health system conducts annual decontamination drills in conjunction with the nearby Calvert Cliffs Nuclear Power Plant. These drills help both facilities prepare to maintain operations during emergency situations.
The most recent drill included a ransomware attack. Had CalvertHealth’s previous backup technology been in place, “the hospital pretty much would have been brought to a screeching halt,” Hall says. Now, with a recovery time of less than four hours thanks to a cloud-based backup solution, the drill never reached that level of severity.
“It definitely changes your perspective,” Hall adds. “If people understand the impact of what happens when the system goes down, and we can bring it up faster, even when we’re getting hit with a lot of trauma because of a big event happening in the community, then it’s a win.”