Issue link: https://beckershealthcare.uberflip.com/i/1519468
46 CIO / HEALTH IT Is healthcare prepared for cyberattacks? By Naomi Diaz Are hospitals and health systems truly prepared for cybersecurity attacks? e Feb. 21 cyberattack on Change Healthcare along with the increase of cybersecurity and ransomware groups targeting the healthcare industry has raised concerns about hospital and health system security, especially their downtime procedures when technology and critical systems get knocked offline. "I think what we've certainly learned over the last 90 days is that technology is great, and we should use it and promote its use. But the more we embed ourselves in the technology, the less prepared we are when that technology doesn't work," Zafar Chaudry, MD, senior vice president and chief digital and information officer at Seattle Children's, told Becker's. Per the American Hospital Association, numerous healthcare facilities have contingency plans in place to sustain operations without relying on technology for up to 72 hours, and in some cases, as long as 96 hours. But cybersecurity experts told NBC Washington in a Feb. 8 article that this isn't enough. Experts suggest that hospitals should create plans to keep running smoothly even if all their technology is down for at least 30 days. But hospitals aren't close to being able to implement those plans, according to John Riggi, the cybersecurity and risk national adviser for the American Hospital Association. is comes as the HHS stated that cyber incidents on hospitals and health systems have led to "extended care disruptions, patient diversions to other facilities and delayed medical procedures, all putting patient safety at risk." "We've had many recent cyberattacks in healthcare. And what I've learned is that we're not ready for business continuity or disaster recovery," Dr. Chaudry said. "What is interesting to me is the better we get at using this technology, the further away we get from what would happen if we didn't have it." In 2023, health systems experienced 46 ransomware attacks, up from 25 in 2022 and 27 in 2021, according to a report from cybersecurity firm Emsiso. Ransomware was even listed as one of the biggest safety concerns in health technology for 2024 by nonprofit patient safety organization ECRI. n 'You just can't keep pace': CIOs deal with spike in software vendors By Giles Bruce S ome CIOs are struggling to "keep pace" with the huge explosion in outside vendors that has coincided with the hype over artificial intelligence, The Wall Street Journal reported March 4. Besides AI, CIOs are also sifting through a growing number of digital tools and also looking for smaller vendors so they don't rely so heavily on a handful of big companies, Gartner IT researcher Stephen White told the newspaper. "You just can't keep pace," Carhartt CIO Katrina Agusti told the Journal. The workwear company's software-as-a- service subscriptions are up to 121 in 2024, compared to 59 five years ago and 20 a decade ago. Some organizations have been able to shift the other way. Pharma company Moderna started working with a bunch of software firms as it raced to get out a vaccine amid the pandemic, according to the story. "A lot of times my business partners were running crazy fast because they needed something," Moderna CIO Brad Miller told the news outlet. "So they just went and signed licenses and there wasn't really a tech review." But since spending more time analyzing costs and value, Moderna has decreased its vendors from 257 last year to 200 this year, the newspaper reported. n Image Credit: Adobe Stock