A computer systems analyst at the University of Maryland, who has been hired to investigate cybersecurity issues in the nation’s hospitals, said hospitals don “do not have adequate” cybersecurity to monitor and defend against attacks on their systems.
“The risk of an attack is real and there’s nothing I can do about it.
If they can get into the computer system, they can exploit the vulnerabilities,” said computer systems specialist Brian Johnson.
He said hospitals have been hit with cyberattacks at least twice since the end of last year, and the two recent hacks on a hospital computer system that was used to manage a Medicare-funded health insurance program are both believed to have been carried out by China.
The breaches at hospitals have led to delays and cancellations of procedures, but Johnson said it is too early to say whether the hacks were successful in damaging the systems.
In May, the Federal Bureau of Investigation announced that the FBI has arrested and charged six people in the hack of Anthem Blue Cross and Blue Shield of Maryland.
The FBI and other law enforcement agencies are looking into possible links between the hacks and the Anthem breaches.
“Hospitals are not the only ones that need to be aware of cybersecurity threats,” Johnson said.
“They’re also a part of our economy and their employees.”
Johnson said he has been working for several months at the university’s Center for Cybersecurity and Information Technology (CCIT), which focuses on cybersecurity issues at the federal level.
“I’ve been in IT for 30 years, so I’ve worked in a lot of different areas, from security to cybersecurity,” he said.
He added that the hospital security team needs to be trained and well-versed in cybersecurity, and that he thinks hospitals will be able to improve their cybersecurity in the future.
Johnson is also helping to develop a new system that could provide greater control over systems at hospitals that are used for Medicare payments, such as those used to pay for certain hospital-related services.
He has also been working with other cybersecurity experts to develop plans to strengthen the system at other hospitals and universities.
“We have a lot to do,” Johnson told CNN.
“And we will do it together.”
Johnson, who will start his job in June, is also working with the National Institute of Standards and Technology, which has recently launched a cyber-security training program.
Johnson said the program is meant to help the hospital community understand cybersecurity threats and what needs to happen to protect its computers from hacking attacks.
He plans to travel the country this summer, speaking to hospital administrators and other healthcare professionals.
Johnson told his audience at the Black Hat cybersecurity conference in Las Vegas last month that the United States has a “dramatic cybersecurity challenge” and that the need for cybersecurity is urgent.
“Our hospitals are at the forefront of this challenge,” Johnson continued.
“At the end, if something is going wrong, our hospitals will lose patients.
We’ve lost people in our hospitals.
We’re going to lose patients in our community, and we are going to have a catastrophic effect on our economy.”