Why States Will Need to Step Up Cyber Help for Healthcare

As uncertainty mounts about the level of cyber resources federal agencies will continue to offer healthcare entities and other critical infrastructure sectors during the current Trump administration, states will need to step up their support, said Mike Hamilton field CISO of cybersecurity firm Lumifi Cyber.

“With respect to the federal government, it is increasingly looking like we’re on our own,” Hamilton said in an interview with Information Security Media Group. “We are going to have to fill the gaps that are left by CISA.”

The reduction of the federal workforce across most agencies, including the Cybersecurity and Infrastructure Security Agency, is fueling questions about the sort of help cyber resource-stretched rural hospitals and other healthcare entities will still have available to tap into, he said (see: CISA Rehires Fired Employees, Immediately Puts Them on Leave).

During the Biden administration, for instance, CISA provided regional cybersecurity advisers, physical security experts and communications resources in communities across the country to assist local and low-resourced organizations with various activities, he said.

“The risk and resilience assessments and things like that – I don’t know if those are going to go forward,” he said. Same with uncertainty involving CISA’s public catalogue of exploited vulnerabilities.

“I think states are going to have to provide some kind of support there,” he said. “That could be in the form of establishing internships with all of the schools that are teaching cybersecurity and deploying interns out into rural healthcare to watch logs, look for signs of compromise. Things like that” (see: Are Efforts to Help Secure Rural Hospitals Doing Any Good?).

As of Friday, a CISA spokesperson in a statement to ISMG said the agency “continues to provide services and resources that help healthcare organizations improve their cybersecurity and build resilience.”

“In close collaboration with interagency and healthcare sector partners, we offer a range of services and tools on our Cybersecurity Toolkit for Healthcare and Public Health,” CISA said.

“In addition to guides and best practices, this toolkit includes enrollment in our free vulnerability scanning service and CISA regional team contact information for guidance and assistance,” CISA said.

In this audio interview with Information Security Media Group (follow link above photo for audio), Hamilton also discussed:

• How funding cuts to Medicaid and other federal programs may impact rural healthcare providers;
• Other low-cost programs and offerings to help rural healthcare entities boost their cybersecurity posture;
• Evolving regulatory issues in the healthcare cybersecurity space to watch closely.

Hamilton has more than 30 years of experience in technology and management. He previously was the co-founder and CISO of security firm Critical Insight and is also the former CISO for the City of Seattle. He is also the former vice chair of the Department of Homeland Security’s State, Local, Tribal, and Territorial Government Coordinating Council.