Because all these technologies are increasingly more interconnected, a coordinated threat response across disparate systems is essential, he says.
"Obviously cyberattacks can reach systems that are connected, and increasingly now, there are more and more medical healthcare delivery, radiology, laboratory, and other healthcare delivery and devices that are connected," he says.
An additional finding is that the current model of a generic national cybersecurity framework for critical infrastructure is not sufficient to support healthcare organizations in the current cyber threat landscape, HITRUST officials say.
The exercise left HITRUST with several action items, including linking threat intelligence to HITRUST's Common Security Framework, which provides prescriptive security requirements to ensure clarity. "We will augment CSF with the cyber threat intel to make sure the guidance is more robust, because that is that first line of blocking and tackling," says HITRUST CEO Daniel Nutkis.