Business Continuity Management / Disaster Recovery , COVID-19 , Governance & Risk Management

Cybersecurity Advice for the COVID-19 Era

CISA Adviser Joshua Corman Discusses Essential Steps
Joshua Corman, senior adviser, DHS CISA

Many healthcare organizations have under-resourced security teams, putting them at higher risk for cyber incidents during the COVID-19 pandemic that could result in patient harm, warns cybersecurity expert Joshua Corman.

See Also: OnDemand | The State of Security 2021

“We’re going to fall down a lot, and we’re unlikely to prevent a lot of these attacks,” says Corman, a healthcare sector adviser to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. “But the question is whether you can get back up quickly,” he says, stressing the importance of solid data recovery plans as well as conducting security incident simulation testing.

“Sadly, ransomware attacks are not showing any signs of stopping,” Corman says. “We may have seen our first fatality,” as a result of a recent ransomware incident affecting a German hospital that allegedly caused a delay of emergency care to a patient, he notes (see: Ransomware Attack at Hospital Leads to Patient’s Death).

Slow Patching

Recent research indicates an overall drop in organizations patching software vulnerabilities during the COVID-19 pandemic, he notes in an in-depth interview with Information Security Media Group.

“Some are doing a good job, but because of these [resource] constraints, they’re not patching as quickly,” he says. “And during a pandemic with elevated attacks, this is not the time to take the foot off the gas.”

In this video interview with Information Security Media Group, Corman also discusses:

  • Other urgent cybersecurity issues, including supply chain concerns, facing the healthcare sector during the pandemic;
  • Activities underway by CISA and other industry groups to assist the healthcare sector in tackling cybersecurity challenges during the pandemic;
  • Steps healthcare organizations need to take to shore up cybersecurity.

Corman, who is a founder of grassroots advocacy group "I am The Cavalry," is a senior adviser to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency on matters relating to COVID-19 and public safety. He previously served as chief security officer for software and services provider PTC Inc., director of the Cyber Statecraft Initiative for the Atlantic Council and chief technology officer at open-source software firm Sonatype. Corman also serves on the adjunct faculty at Carnegie Mellon’s Heinz College. He was a member of a congressional task force for healthcare industry cybersecurity.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.