In a recent interview with HIMSS, Tyler Reguly, Senior Manager of Security Research and Development at Fortra, emphasized the pressing challenges and potential solutions surrounding cybersecurity in healthcare IT infrastructure. Reguly underscored the critical importance of addressing vulnerabilities in network-connected devices, particularly within the Internet of Things (IoT) devices, to mitigate the increasing risk posed by cyber threats.

Reguly highlighted the evolving landscape of cyber threats targeting healthcare organizations, emphasizing the sophisticated tactics employed by cybercriminals to exploit weaknesses in device management and security protocols. He pointed out that while healthcare IT teams strive to keep pace with the proliferation of vulnerabilities, the complexity of medical device software and the interconnectivity of various devices present significant challenges.

One of the key concerns raised by Reguly was the potential for data breaches stemming from improperly configured security settings. He emphasized the need for healthcare organizations to prioritize basic security measures, citing frameworks like the CIS Benchmarks as valuable starting points for enhancing security posture. Organizations can establish a solid foundation for more comprehensive security protocols by addressing fundamental misconfigurations.

Regarding IoT device security vulnerabilities, Reguly expressed apprehension about the variety and complexity of interconnected devices within healthcare systems. He highlighted the risk of lateral movement and network persistence posed by these devices, particularly in the absence of comprehensive testing and research. Reguly stressed the importance of network segmentation as a critical security measure to mitigate these risks.

Additionally, Reguly raised concerns about the security of electronic health records, noting the potential for data leakage due to inadequate protection of mobile devices with access to sensitive health data. He emphasized the importance of tracking and securing these devices to prevent unauthorized access and data breaches.

In addressing the challenge of keeping up with software vulnerabilities, Reguly advised healthcare organizations to prioritize patch management and maintain strong asset inventory systems. He emphasized the importance of scheduling regular reviews of updates, particularly those from vendors like Microsoft, to stay ahead of potential threats.

Regarding the rise of remote work and the use of BYOD devices, Reguly emphasized the need for a zero-trust approach to security, restricting access and implementing multifactor authentication to mitigate the risk of man-in-the-middle attacks.

While acknowledging the potential of artificial intelligence (AI) in enhancing cybersecurity capabilities, Reguly suggested that organizations should rely on external expertise and service providers to leverage AI technologies effectively. He emphasized the need for further refinement and simplification of AI solutions before widespread internal adoption.

Overall, Reguly's insights underscored the multifaceted nature of cybersecurity challenges facing healthcare organizations and provided valuable guidance for enhancing security measures in an increasingly complex digital environment.