People

Meet the CSO helping warn hospitals about cyberthreats right now

Errol Weiss, CSO of the Health Information Sharing and Analysis Center, has had a busy few weeks.

The emergency room entrance at NYU Langone Health Center

As coronavirus cases rise, protecting hospitals from cyber threats is critical.

Photo: Angela Weiss/Getty Images

As the coronavirus outbreak escalates, hospitals across the U.S. are bracing for a surge in sick patients. So, too, are the cybersecurity workers at these organizations, who are preparing to fend off ransomware attacks and other threats that could disrupt patient treatment.


Get what matters in tech, in your inbox every morning. Sign up for Source Code.


One organization that will play a crucial role in that effort is the Health Information Sharing and Analysis Center, an industry consortium that provides health care organizations of all kinds — including hospitals, insurance providers, medical device manufacturers, pharmaceutical companies and laboratories — with information on the latest threats and vulnerabilities targeting the industry. If one health care organization sees indications of a new attack, H-ISAC gives them a confidential way to share that information with peers.

Errol Weiss, the organization's chief security officer, said the next few weeks will be especially difficult for health care cybersecurity workers, as many of them shift to working remotely and take care of kids — and potentially become sick. The challenges will be especially hard for small hospitals, which lack the budget and staff to stay on top of cybersecurity issues.

Weiss, who held top cybersecurity roles at Bank of America and Citigroup prior to joining H-ISAC about a year ago, talked to Protocol about ransomware attacks on hospitals, hackers pledging to not target health care organizations during the coronavirus outbreak, and what the government's role is in fending off attackers.

This interview has been edited and condensed for clarity.

Errol Weiss Smaller health care organizations may not have the resources necessary to protect their computer systems, says Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center.Photo: Courtesy of Health Information Sharing and Analysis Center

What emerging cybersecurity threats have health care organizations been dealing with in recent weeks?

We've been pushing out quite a number of threat intelligence and vulnerability reports over the past few weeks — there have been a lot of COVID-19 issues that have come up. A lot of phishing emails that are taking advantage of the situation, stealing username and password credentials, placing ransomware on victim computers.

There's been talk about vulnerable VPNs for the past several months that we've been notifying our members about, and that concerns me now that so many people are working from home. Malicious actors can take advantage of the VPN vulnerabilities to bypass authentication and essentially log into an enterprise infrastructure as a legitimate user. Some cybersecurity companies are sharing the IP addresses with us that tie back to health care companies, so we've been notifying those organizations that they have a vulnerable Pulse or Citrix VPN server or whatever else it may be, and provide them all of the updated information we have on that. We provide that information whether they're a member or not because one of our basic tenants is that the security of all health care organizations impacts the security of the entire system, so we're trying to raise the bar.

One of the evil ones we've seen is there have been a bunch of fake coronavirus-tracking maps and websites, using data from organizations like Johns Hopkins University to lure people into clicking on malicious attachments. We're sharing indicators about those things with our members and have gotten updates from Johns Hopkins directly and are working with them to find ways to help slow down the fakes.

How can you slow that down?

When I was doing threat intelligence for banks, we would actively monitor the internet for brand infringement; we would find websites and social media posts that used the brand name to try to dupe people into downloading something or going to a fake site. Johns Hopkins could actively monitor for those kinds of things — that may be one of the things that the government could help out with.

Over the last year, hospital systems in Alabama, New Jersey and many other states were hit by ransomware attacks. Are you concerned that these types of attacks could disrupt hospitals while they're dealing with the coronavirus response?

Ransomware attacks are happening all over and way too often. The key to this is going to be about raising awareness of the threat and making sure hospitals are taking the minimum steps to avoid it or recover quickly from it if it does happen. That's a lot of the guidance we've been putting out recently. Some security researchers have found default keys to unlock computers if organizations do get infected. But some of the attacks are using very good encryption, so they're getting harder to beat. So the real answer is avoiding the attack in the first place and being better prepared.

If a hospital does suffer a ransomware attack in the coming weeks, do you think the U.S. government should pay the ransom so it doesn't disrupt treatment?

Before I got to the health care sector, my stance was we shouldn't pay ransoms because we would be encouraging more of these attacks. But here we're talking potentially about patient lives. It's a tough question. I can't answer it. I'd much rather be advocating for organizations to spend the money on better preparedness and recovery.

What ways do you think the government can help?

I'd like to see the U.S. work on a policy to ensure foreign nations are actively prosecuting and punishing cybercriminals when they're caught, and that would be a better deterrent than what we have today. We don't have a great policy in place that's being taken seriously. A lot of countries who are trade partners of ours are ignoring cybercriminals and allowing them to operate in their country as long as they know what they're up to.

Are there signs that hackers are targeting hospitals more now that they're dealing with coronavirus?

I saw a hospital in the Czech Republic was recently hit by a cyberattack. But I also saw a report that ransomware gangs are saying they would stop their attacks against health care organizations. Supposedly the operators of Maze, DoppelPaymer, Ryuk [and other ransomware strains] put out an edict to their subscribers saying don't go after hospitals at this time. We'll see if they live up to their promise or not.

Besides cyberattacks, what has been top-of-mind for health care tech leaders?

We have a large amount of information sharing and collaboration in online chat channels. One of those channels that has been very active is about telework issues: providing equipment, ergonomic tools, reimbursement policies for internet service, how that works. There have been a ton of posts in there about how health care organizations are handling it, and you can imagine how complex and quick things are moving there. One post was from a company that had employees in 160 countries globally that they were quickly moving out of offices.

Are health care IT staff able to work from home?

The big challenge we have from a brick-and-mortar standpoint is we have sick patients coming into our facilities that could affect staff trying to keep the facilities running. I've been seeing a large number of hospital infosec staff working from home, but there are some core groups that have to show up on site. I hope their offices are located elsewhere, that there's separation or isolation, but the smaller hospitals probably don't have that.

Are health care organizations prepared for cyberthreats?

One challenge is that some of the smaller health care organizations may not have the resources that are needed to properly secure their environment. Their budgets are tight, and it's a complex and very difficult job. When I was in finance, we had an army of people working on cybersecurity for the banks, and from my experience I haven't seen the number of people in hospitals properly needed to secure those environments. There's a lot of talented people in the infosec departments in these health care orgs, but we need more help.


Get in touch with us: Share information securely with Protocol via encrypted Signal or WhatsApp message, at 415-214-4715 or through our anonymous SecureDrop.


Are any cybersecurity organizations offering free help to health providers?

I've been really busy over the last couple days talking to the leading threat intelligence providers and popular third-party risk-scoring tools — we've been talking with them about offering some level of free service for health organizations. With the risk-scoring tools, members can look at their own score to understand their own posture and then look at their main third parties to understand their top risks. Some smaller hospitals could find tremendous use from this, because they've had limited resources to focus on cyber and can get a free and useful snapshot of what their strengths and weaknesses are.

Google’s latest plans for Chromecast are all about free TV

The company is in talks to add dozens of free linear channels to its newest streaming dongle.

Google launched its new Google TV service a year ago. Now, the company wants to add free TV channels to it.

Photo: Google

Google is looking to make its Chromecast streaming device more appealing to cord cutters. The company has plans to add free TV channels to Google TV, the Android-based smart TV platform that powers Chromecast as well as select smart TVs from companies including Sony and TCL, Protocol has learned.

To achieve this, Google has held talks with companies distributing so-called FAST (free, ad-supported streaming television) channels, according to multiple industry insiders. These channels have the look and feel of traditional linear TV networks, complete with ad breaks and on-screen graphics. Free streaming channels could launch on Google TV as early as this fall, but the company may also wait to announce the initiative in conjunction with its smart TV partners in early 2022.

Keep Reading Show less
Janko Roettgers

Janko Roettgers (@jank0) is a senior reporter at Protocol, reporting on the shifting power dynamics between tech, media, and entertainment, including the impact of new technologies. Previously, Janko was Variety's first-ever technology writer in San Francisco, where he covered big tech and emerging technologies. He has reported for Gigaom, Frankfurter Rundschau, Berliner Zeitung, and ORF, among others. He has written three books on consumer cord-cutting and online music and co-edited an anthology on internet subcultures. He lives with his family in Oakland.

While it's easy to get lost in the operational and technical side of a transaction, it's important to remember the third component of a payment. That is, the human behind the screen.

Over the last two years, many retailers have seen the benefit of investing in new, flexible payments. Ones that reflect the changing lifestyles of younger spenders, who are increasingly holding onto their cash — despite reports to the contrary. This means it's more important than ever for merchants to take note of the latest payment innovations so they can tap into the savings of the COVID-19 generation.

Keep Reading Show less
Antoine Nougue,Checkout.com

Antoine Nougue is Head of Europe at Checkout.com. He works with ambitious enterprise businesses to help them scale and grow their operations through payment processing services. He is responsible for leading the European sales, customer success, engineering & implementation teams and is based out of London, U.K.

Protocol | Policy

Iris scans for food in Jordanian refugee camps

More than 80% of the refugees in Jordanian camps now use iris scans to pay for their groceries. Refugee advocates say this is a huge future privacy problem.

A refugee uses their iris to access their account.

Photo: KHALIL MAZRAAWI/AFP via Getty Images

Every day, tens of thousands of refugees in the two main camps in Jordan pay for their groceries and withdraw their cash not with a card, but with a scan of their eye.

Nowhere in the United States can someone pay for groceries with an iris scan (though the Department of Homeland Security is considering collecting iris scans from U.S. immigrants, and Clear uses iris scans to verify identities for paying customers at airports) — but in the Jordanian refugee camps, biometric scanners are an everyday sight at grocery stores and ATMs. More than 80% of the 33,000-plus refugees who receive cash assistance and (most of them Syrian) and live in these camps use the United Nations' Refugee Agency iris-scanning system, which verifies identity through eye scans in order to distribute cash and food refugee assistance. Refugees can opt out of the program, but verifying identity without it is so complex that most do not.

Keep Reading Show less
Anna Kramer

Anna Kramer is a reporter at Protocol (Twitter: @ anna_c_kramer, email: akramer@protocol.com), where she writes about labor and workplace issues. Prior to joining the team, she covered tech and small business for the San Francisco Chronicle and privacy for Bloomberg Law. She is a recent graduate of Brown University, where she studied International Relations and Arabic and wrote her senior thesis about surveillance tools and technological development in the Middle East.

Protocol | China

Weibo is muzzling users for discussing a landmark #metoo case

A number of accounts have been suspended, even deleted, after voicing support for the plaintiff.

Photo: Photo by Kevin Frayer/Getty Images

As a Beijing court dismissed China's landmark sexual harassment case on Tuesday, Weibo censors acted to muzzle a number of accounts that voiced support for the accuser, or even simply discussed the trial beforehand.

In 2018, the plaintiff Zhou Xiaoxuan, better known by the nickname Xianzi, filed a high-profile #MeToo case against Zhu Jun, a renowned state broadcast show host. Zhou claimed that Zhu sexually harassed her while she was an intern on Zhu's show in 2014. Chinese web users have closely followed the civil suit, which has also drawn international media attention.

Keep Reading Show less
Shen Lu

Shen Lu is a reporter with Protocol | China. Her writing has appeared in Foreign Policy, The New York Times and POLITICO, among other publications. She can be reached at shenlu@protocol.com.

Protocol | Enterprise

Take that, Slack: ServiceNow gets a little closer to Microsoft Teams

ServiceNow is expanding its decade-long partnership with Microsoft as both companies intensify their rivalry with Salesforce.

Microsoft and ServiceNow's "coopetition" is aimed at a higher goal: undermining Salesforce, which is fast becoming the main rival for both vendors.

Photo: Uwe Anspach/Getty Images

For ServiceNow, Microsoft is the lesser of two evils compared to Salesforce.

After ditching Slack for Teams following the Salesforce acquisition, ServiceNow is deepening its decade-long partnership with Microsoft, promising co-development of new products and fresh integration capabilities within Teams, it plans to announce Thursday.

Keep Reading Show less
Joe Williams

Joe Williams is a senior reporter at Protocol covering enterprise software, including industry giants like Salesforce, Microsoft, IBM and Oracle. He previously covered emerging technology for Business Insider. Joe can be reached at JWilliams@Protocol.com. To share information confidentially, he can also be contacted on a non-work device via Signal (+1-309-265-6120) or JPW53189@protonmail.com.

Latest Stories