In an era where cybersecurity is paramount, Jim Roeder, vice president of IT at Lakewood Health System, emphasizes the need for innovation and adaptability among rural hospitals and small medical practices in safeguarding their digital environments. Many of these organizations are facing unique challenges with limited resources, yet there are free resources available from both the private sector and government bodies, as well as open-source tools that can assist them in enhancing their cybersecurity posture.
Programs initiated by tech giants Microsoft and Google are a notable part of this support system, as they offer affordable or complimentary cybersecurity solutions targeted at rural and smaller healthcare facilities. Additionally, organizations like the U.S. Cybersecurity Infrastructure and Security Agency are providing much-needed assistance to ensure these medical entities can protect sensitive patient information.
The urgency for this support is underscored by a recent report from the Health Sector Coordinating Council, which reveals a significant shift in concerns—it’s no longer just about the potential exposure of patient data, but about the very real threats of cyberattacks that could lead to patient harm or fatalities. An alarming past incident has linked a patient death to a ransomware attack within the UK’s NHS, demonstrating the potential consequences of inadequate cybersecurity.
The council’s survey, which included interviews with 40 executives from critical access hospitals and federally qualified health centers across 30 states, paints a concerning picture. A mere 14% reported having fully staffed IT security teams, while about one-third admitted to being understaffed, and over half of the organizations stated they require additional support. Roeder, who co-chairs the task group that conducted this survey, noted that the necessity for a proactive approach to safeguarding patient data is critical.
During a recent interview, Roeder highlighted various cybersecurity challenges that under-resourced medical practices are grappling with while exploring other available resources to strengthen their defenses. He also outlined the primary cybersecurity projects and priorities driving his organization’s strategy for the current year.
Roeder’s background includes a wealth of experience—25 years in IT, with 18 focused on healthcare technology—positioning him as a knowledgeable resource in this arena. He serves not only as the vice president of IT at Lakewood Health System in Staples, Minnesota, which encompasses a 25-bed critical access hospital and additional healthcare facilities but is also an active participant in the HSCC Cybersecurity Working Group, co-chairing its task group dedicated to underserved provider cybersecurity.
In terms of cybersecurity tactics likely employed against these vulnerable organizations, initial access methods such as phishing or exploitation of vulnerabilities could be common entry points. Once inside, attackers might utilize persistence techniques to maintain access, while privilege escalation methods could allow them to elevate their control over the systems. Each step of the way, these tactics underscore the vital importance of comprehensive cybersecurity strategies to mitigate risks and enhance resilience in the face of increasing cyber threats.
As rural and small healthcare entities navigate these challenges, the collaboration between technology providers and government agencies represents a crucial intersection in the fight against cyber threats, ensuring that essential healthcare services remain protected against an evolving landscape of cyber risks.
