Where hospitals face cyber threats, inside and out

When it comes to cybersecurity, the insider threat is one of the most vexing challenges faced by healthcare organizations. It is the internal threat posed by employees, contractors or business associates that have information and access to the data and computer systems of that healthcare provider. This particular threat isn’t driven by evil intent, but rather human error. In fact, a report issued earlier this year by Verizon said more than half of analyzed incidents over a year period were attributed to insiders, making it a bigger threat than outside attacks.
That was one of the topics for a panel discussion when entrepreneurs, investors and researchers gathered Thursday, October 11, at the University of Maryland BioPark for an event co-hosted by Anchor Ventures and bwtech@UMBC Cyber Incubator.
Bringing together two areas that are often cited near the top of the state’s tech strengths, the event focused on cybersecurity issues in healthcare. The panel featured a group of experts from a variety of sectors.
Panelists (left to right in the picture below), included:

• Max Shantar, Chief Information Security Officer, Anne Arundel Medical Center
• Dennis Underwood, Chief Executive Officer, Cyber Crucible, Inc.
• Tony Surak, Chief Marketing Officer and Advisor of DataTribe
• Dr. Charles Johnson-Bey, Director, Engineering & Technology, Lockheed Martin
• Moderator Keith Moulsdale, Partner, Whiteford Taylor & Preston LLP
• Lei Zong, Partner & Senior Computer Engineer, KeyTech

The panel discussion touched on topics ranging from cybersecurity products in healthcare to what kind of cybersecurity elements attract investors attention in the healthcare sector and the risk mitigation associated with emergence of more Internet of Things devices in healthcare.
“We can’t put a firewall in front of every single device in the hospital, but we can work to achieve risk mitigation,” said Max Shantar, CISO at Anne Arundel Medical Center. The regional health system based in Annapolis has teamed up with local cyber security companies to set new standards for security in the healthcare space.
Dennis Underwood, CEO of Cyber Crucible spoke about the unique challenges of providing cybersecurity in healthcare.
“The healthcare industry requires a great deal of flexibility and agility of its security professionals. These professionals must adapt and overcome unique challenges, including a wide variety of equipment to protect, an inability to easily patch vulnerabilities in life-saving equipment, an often segmented IT environment crossing geographic regions, and an imperative to protect highly sensitive patient data,” he said. “Healthcare, where data and equipment security must co-exist with instant patient data availability to medical staff, continues to be one of the most challenging and high stakes environments for cybersecurity.”
CyberTini, the annual networking event, followed the panel. TEDCO CEO George Davis and Rick Kohr of Evergreen Advisors spoke about the importance of the growing cyber industry in Maryland as well as the resources that are available for Baltimore’s emerging entrepreneurs in the cyber space.