BOSTON — Tom Ridge, the first Secretary of the U.S. Department of Homeland Security, on Monday said that two new realities have set in since 2001: global terrorism and the proliferation of apps and devices in healthcare and other industries.
“The world is a far more perilous place today than it was on 9/11,” Ridge said at the Healthcare Security Forum in Boston. “The scourge of global terrorism is the reality of our life. The nation states we traditionally worry about are now front and center. Russia, China, Iran, North Korea.”
The second development is what Ridge calls the “digital forevermore,” the open, anonymous, ubiquitous internet that was never designed to be entirely secure.
“IoT will become the Internet of everything,” Ridge said. “Everything that makes healthcare more efficient, every access point, new device or algorithm, for every positive there’s a negative: risk and vulnerability.”
HIMSS Director of Privacy & Security Lee Kim echoed Ridge’s sentiments in saying that security will only become more important as new technologies emerge and the attack space becomes bigger.
“We’ll see a lot more cyber attacks, greater velocity, things to get past normal security controls,” Kim said. “We’ll see more tools that benign programs used against you.”
With that expanding cyberthreat landscape, Ridge recommended that hospitals and healthcare organizations shift their thinking from risk management to resiliency. That means being able to survive an attack and sustain operations and then move forward from there.
“We know that risks are sometimes surprise events but resilience should be a goal, an objective,” Ridge said. “It’s a 24/7 responsibility, every day, just like homeland security. It’s a continuous cycle of threats.”
Ridge suggested that hospitals participate in an information sharing and analysis center as part of becoming a resilient enterprise. The financial services ISAC, for instance, has some 9,000 members, while the National Health Information Sharing and Analysis Center has fewer than 500, Ridge added.
“You can’t eliminate risk — manage the risk before it manages you,” Ridge said. “I don’t think we should be breathless about it. Accept reality, adjust, be fitter than the next enterprise, move from risk to resilience.”
Healthcare must move from risk to resilience, Tom Ridge says