Mt. San Rafael Hospital thwarted a ransomware attack on one of its sister facilities earlier this year before anything could be compromised. The organization is still working through the details of the hack, says CIO Michael Archuleta, whose hospital is part of the BridgeCare Health Network, which includes five hospitals in Colorado.

“It could have been a bad issue if we didn’t have the automation and intelligence to catch and stop it,” says Archuleta.

The vast majority of ransomware stems from a malicious email attachment that employees open and unwittingly propagate across a network. Attackers can use this exploit to lock up systems and demand payment to release them.

Not every organization has been so quick to catch malicious behavior. Just ask the victims caught in the 2020 SolarWinds dragnet, which infiltrated the software supply chain and spread like wildfire across thousands of businesses and government agencies, including the US State Department. The global pandemic has proved to be a fertile opportunity for perpetrators to unleash cybersecurity attacks against every industry grappling with impacts of COVID-19 on their businesses.

Healthcare is ripe for cyberattack

Perhaps no sector has grappled with ransomware — among other digital attacks — more than the healthcare industry, whose wealth of connected computers, medical devices, and patient information make it a treasure trove for attackers.
In 2020 alone, 18 ransomware families infected 104 healthcare organizations, including hospitals, pharmaceutical firms, and biomedical companies, according to cybersecurity vendor CrowdStrike’s 2021 global threat report.

“Healthcare organizations tend not to be as ready from a cybersecurity perspective as others,” in defending against attacks, according to Gartner analyst Paul Proctor, who says he has fielded several calls from hospital CIOs and security leaders about threats during the pandemic. Some want to know what they can do to better stop the attacks; others have already experienced the “transformative moment” of being breached.

What surprises Proctor is the continued resistance of executive decision-makers to acknowledge the importance of the technology they rely on to support their organization. Many healthcare execs continue to view cybersecurity as a compliance concern rather than as an existential business risk. As a result, many healthcare organizations still underinvest in technology and fail to educate staff in basic cyberhygiene, such as how to identify phishing attacks.

“Bank executives take security quite seriously; hospital executives don’t,” Proctor says.

Hospital IT steels itself against attacks

Mt. San Rafael’s Archuleta agrees, noting that industries such as finance and energy practice better cybersecurity than healthcare organizations. And despite seeing more “attacks of opportunity” during the outbreak, Archuleta says, many organizations still bolt on cybersecurity rather than integrate it as part of their core IT strategies.

“Cyber has been seen as cost center rather than as strategic revenue contributors,” he says.
“We need to drive innovation.”

To defend his hospital, Archuleta has deployed Cylera software to monitor an internet of things (IoT) network that spans radiology machines, computers, and other equipment. “It provides that hawk-eye view,” of everything from IP addresses and operating systems to printers and virtual local area networks, Archuleta says. The software, which IT staff can watch categorizing threats by risk on a dashboard, disconnects devices or systems from the network if it detects anomalies.

Mt. San Rafael’s defense strategy also includes software and hardware from Dell, Cisco, and Splunk. Archuleta also provides cybersecurity education to ensure a “strong human firewall.”

The rise of ransomware and other cyberthreats during the pandemic is gaining the attention of other healthcare facilities as well. Cedars-Sinai Hospital, for example, has “deployed a bunch of things,” to protect the organization against ransomware and various threats, according to CIO Darren Dworkin.

For instance, the IT department expanded the hospital’s virtual desktop infrastructure to account for more employees working from home and deployed monitoring tools on home computers.

“At the core, more of everything, including reliance on SOCs [security operations centers] and tools to manage incidents,” Dworkin tells CIO.com.

Ransomware reigns as chief concern

Dr. Sam Amirfar, CIO of The Brooklyn Hospital Center, says the number of bots trolling for weaknesses has increased exponentially since he joined the organization in 2014. The bots uncover vulnerabilities and relay them to human perpetrators, who can then drop targeted payloads into facilities for ransomware.
“You’d be in awe of how sophisticated some of the attacks have been,” Amirfar tells CIO.com.

Amirfar attributes this increase in attacks on healthcare systems to the rise of sophisticated hacking tools and cryptocurrencies such as Bitcoin, which make it easier for perpetrators to accept payments anonymously. He is especially worried that perpetrators will trick healthcare workers, perpetually fatigued and stressed out from the pandemic, into clicking on malicious links in emails and text messages.

Although the Center is small — a single facility with around 200 beds — its proximity to the Barclays Center arena, which hosts professional basketball games and concerts among other events, makes it a potential target.

Amirfar offered the following hypothetical: Suppose a pop star injured a leg while performing at Barclays Center and was taken to the Center for treatment. If publicized, it would make the hospital a ripe target. Amirfar fears a hacker could drop a ransomware attack on the hospital, locking up its computers with encryption software and demanding payment in Bitcoin to release the decryption keys.

Such plausible scenarios make it hard for Amirfar to sleep comfortably at night, even though he pays Cisco Systems to manage a SOC for the hospital, which operates more than 2,200 PCs and 500 servers. If Cisco detects something suspicious, it shuts it down and immediately alerts Amirfar’s team.

“Cisco set up a big safety net,” Amirfar says. In one month, the Center logged over 148 million security events that were analyzed and either dismissed or investigated by Cisco.
Of those 148 million, 248 were further investigated by Cisco, less than a third of which were elevated to Amirfar’s team for final resolution.

Even so, Amirfar acknowledges that hospitals are “pawns in a great digital war.”

“If the State Department can’t protect itself, I don’t see how we can protect ourselves,” Amirfar adds, alluding to the SolarWinds attack.