Written by: Jeremy Maxwell, Vice President and Chief Security Officer, Veradigm
The interview referenced in the following blog took place in February of 2022.
In one of my recent blog posts, I discussed the importance of cultivating key partnerships, and how, many times, these partnerships can support better outcomes for clients and drive better patient safety. In today’s blog post, I interview Joseph Davis, Chief Security Advisor at Microsoft. Microsoft has been a key partner in strengthening Veradigm’s security posture.
Jeremy: First off, thank you for sitting down with me. We’ve worked together extensively and I’m excited to share our conversation with others. So, first question: How has Microsoft approached the dramatically increased threat environment over the last 12 months?
Joseph: The threat landscape has become increasingly complex, which means organizations must be constantly on high alert to protect against, detect and remediate threats. For example, Microsoft has found that 50,000 corporate identities are attacked every month. Given this trend, organizations must adopt an “assumed breach” mentality. They should also assume that, no matter how simple an attack’s origin (e.g., one successful phish attempt on one user), that attack is likely polymorphic. This means the attacker will change their own tactics to avoid detection. As a result, what initially looks like an isolated attack can compromise an organization’s entire network in less than two days.
Attackers will, unfortunately, only get smarter, more strategic and more pointed. Organizations must empower their IT teams and/or their security operations teams with an integrated platform approach to help protect against attacks, while also more quickly detecting and remediating them when they do occur.
Microsoft owns the data platform, the identity, the operating system and the cloud portion. No other security company can make that claim. Because of this, we have competitive advantages and can unlock some unique scenarios such as Conditional via Defender for Endpoint, Microsoft Cloud App Security and Conditional Access, Defender for Office 365 and Defender for Identity.
All of this leads to reduction in the average time to respond with threat intelligence. By simplifying security, we are making clients more secure, more able to protect/detect/respond, thus empowering organizations’ security teams.
Jeremy: How can security teams build on the foundation that Microsoft has laid?
Joseph: From our many client conversations and our own experiences, we see three main challenges in securing an organization. First, the threat landscape is continuously growing in both volume and sophistication. Second, while digital technology has simplified our lives and made us more productive, it has also opened new avenues for threats as the attack surface has expanded. Finally, another challenge facing both our clients and Microsoft is the sheer volume of threats we see and trying to make sense of it all. Threat signals are simply noise if they can’t be correlated and made into actionable information. How do we find the time and capability of consuming trillions of threat signals and trying to decipher what those signals might indicate? Ideally, we have solutions in place which can do this heavy lifting for us and help ensure that we understand the threats that affect us and know how to secure ourselves from them.
When we discuss security management, we mean the way in which security operations functions inside an organization. Security operations must modernize to meet modern threats. Given the pace of change and acceleration in the cybersecurity landscape, many IT teams are operating at more than 100% capacity. They are maxed out and are being forced to do more with less.
Jeremy: I couldn’t agree more. I think that’s also the reason more Veradigm clients are choosing to host their EHRs with Veradigm Hosting to take advantage of the combined expertise of the Veradigm and Microsoft security teams.
Last question before we wrap up. What are practical steps healthcare organizations can take to reduce their risk today?
Joseph: I’ll leave you with five tips I think can be crucial in helping reduce risk of cyberattacks:
Include business risk in your risk assessment practices. When security leaders speak to their organizations’ leaders about business risk, it tends to be better received and understood. When talking about direct impact to patient health and safety, the business implication—and more importantly, the human implications—of the problem can be more easily understood. Failure to identify and mitigate business risks leads to a decrease in patient and practitioner trust, regulatory fines and sanctions and an overall negative impact to patient care.
Be compliant, but ensure compliance is in its proper place. Over-emphasizing compliance is a mistake that many health and life sciences organizations continue to make. We are not arguing that compliance should be deprioritized, but neither should it be over-prioritized. Here’s why. Compliance seeks to create and enforce frameworks, boundaries and guardrails to prevent or decrease the likelihood of risk to an organization. Compliance frameworks and requirements are often outmoded and cannot keep up with modern threats. In reviewing common compliance framework controls, one is likely to find an overemphasis on outdated technical controls and procedures that are no longer effective in a cloud/hybrid world or in this rapidly evolving threat landscape. Security requires compliance, but it also requires more than simple compliance.
Implement modern security controls. In particular, implement multi-factor authentication (MFA) and endpoint detection and response (EDR) such as Microsoft Defender. Threat actors look for organizations that lack controls in these areas and are sophisticated enough to start their initial attacks where they are least likely to be detected.
Break down threat-sharing silos. IT and cybersecurity organizational silos can delay response. When information and intelligence sharing from multiple security tools does not occur or occurs slowly and inefficiently, the advantage is handed to the threat actor. It takes a unified view and response to the entire kill chain to detect and prevent compromises before actions on the objective occur.
Remember the strategic when fighting the tactical. Over-committing to firefighting and failing to thoughtfully plan, design and modernize the whole cybersecurity approach and program can place healthcare organizations in an endless loop of needing to reactively treat the symptoms—and not the underlying disease. It is essential we dedicate part of our cybersecurity staff to detecting, preventing and recovering from attacks, but we need to move the needle on successfully preventing modern, sophisticated attacks in the first place. To do so, we need intelligent and effective solutions, policies and procedures as well as controls designed, deployed and kept current by cybersecurity staff who are trained and certified.
For years, our relationship with Microsoft has grown stronger, which is even more critical with cyberattacks consistently on the rise. The above conversation is ongoing, and as cyberattacks become more complex, this established working relationship has already shown promise. Veradigm and Microsoft are evolving together to identify, detect and defend against the most serious threats to ensure patient safety as well as healthcare organizations’ financial and operational well-being.