He outlines steps hospital leaders should take to ensure that cybersecurity is a top priority throughout the organization.
As hospitals face more ransomware attacks, Steve Cagle says top executives and boards must make cybersecurity a high priority throughout the organization.
Cagle, the CEO of Clearwater, a cybersecurity firm, outlined some steps in a recent interview with Chief Healthcare Executive®.
“I think it starts all the way at the level board. It's important to establish a culture of cybersecurity," Cagle says. "Cybersecurity is everybody's job. And it has to be thought of that way. It has to be something that we're thinking about constantly."
Hospital CEOs must make cybersecurity an organization-wide mission, and he says leaders must tie cybersecurity to patient care.
“For healthcare providers, of course, core to the mission is treating patients and we can't treat patients effectively when the organization is being crippled by a cyber incident, or when we have hundreds of thousands or millions, or any number of records that are being compromised, that are very sensitive in nature,” he says.
Cagle says it’s important for all areas of the hospital to focus on improving defenses against ransomware attacks and developing detailed plans to respond when an attack occurs. Hospitals need to determine which systems must be restored first, and he says health systems need strong business continuity plans and disaster recovery plans.
“That's a very good way of getting business people involved in the conversation,” Cagle says. “And it brings a lot of attention to how important it is that those systems are running.”
Health leaders must recognize that ransomware attacks aren’t just costly and disruptive, Cagle says. They threaten patient safety.
“We've seen so many ransomware attacks, even some in the last 60 days, at hospitals that have forced those hospitals to shut down their systems, canceled surgeries, ambulances diverted from emergency rooms, test results that are just not available,” he says. “Because, you know, those systems have been unfortunately compromised. So even when we're running manual backups, we're not able to deliver the same level of care that we could if all of our systems are running.”
Read more from Chief Healthcare Executive