June 2024 edition of CloudWave Connections

A Note from Jacob Wheeler

How you can prepare your team for a cyberattack.

Email | LinkedIn

By now, no one reading this is unaware of the ransomware event that took down Ascension Health on May 8 – an event from which they have still not yet recovered. Their last update on June 12 still included no estimate for when they expect to resume normal operations. That is four-plus weeks of unplanned downtime and counting. This fact brings into stark relief a significant discrepancy between expectations and reality.

Whenever I speak with executive management (CEOs, CIOs) at healthcare organizations and ask how much downtime they would expect from an incident or how much downtime their procedures plan for, I get similar answers: 6 – 8 hours. The actual data shows that the average downtime from a cybersecurity incident is 6 – 8 weeks.

The state of Missouri has given official guidance to their state hospitals to expect four weeks of downtime from a cybersecurity event, which is progress but still 50% short of the best-case scenario. Ultimately, the question isn’t about the number of days, but whether your clinical staff understands what to do and whether they are prepared to do it for extended periods of time. An Ascension nurse gave an interview in the early days where she said the hospital was in absolute chaos; no one knew what to do, where to go, or who to ask for guidance. Will the situation be different at your hospital?

How can you really prepare your teams for this kind of eventuality? One interesting note: Most organizations perform maintenance during off-hours to minimize disruption to operations; fair enough, but consider the ramifications of this: What team is getting regular practice with downtime procedures?

There is really no substitute for practice. How do you practice for a cybersecurity incident without disrupting operations? At CloudWave, we highly recommend running tabletop cybersecurity attack simulations. You can do this in-house or have us create a scenario for you. Over 600 hospital organizations have participated in a CloudWave tabletop simulation, and here are a few tips for making them successful:

• Begin with IT but expand to clinical departments and leadership to drive true basement-to-boardroom consensus.
• Do not underestimate the skill or the audacity of the attacker. They will try anything to get in and are really good at this.
• The psychology of your staff during an incident is of utmost importance to manage. If they are worried, patient care will suffer. Your responsibility is your staff; their responsibility is your patients.
• The priority for incident response should be Patients > Staff > Community > Systems.
• The priority for systems to be restored should be based on patient acuity and clinical need, not on previously assumed business continuity plans.

If this sounds like a lot, it is. When you get hit by a cybersecurity incident, you do not want your staff trying to consult a 30-page playbook; you want them relying on muscle memory. Practice is the only way to accomplish this. As always, we are here to help.

Jacob Wheeler is a Senior Solutions Architect at CloudWave.

Stay up to date with our latest news, press releases, and events on LinkedIn.

CloudWave in the Media

CloudWave CEO Speaks with Outcomes Rocket

Erik Littlejohn spoke to Saul Marquez at Outcomes Rocket at HIMSS24 earlier this spring in Orlando about how CloudWave helps hospitals face ongoing cybersecurity challenges. Watch Practical Steps to Safeguard Hospital Data Revealed here.

Customer Spotlight on Success

Prioritizing Patient Care: How Sauk Prairie Hospital Focused on Clinical Initiatives

As Director of Information Services for Sauk Prairie Hospital in Wisconsin, Scott Vaughan was tired of encountering sluggish speeds, dealing with connectivity issues, and managing downtime in his hosted EHR environment. “When the hospital staff can’t access our EHR, ultimately, our patients are affected,” Vaughan explained.

Read more

Share your IT story

How has IT helped your hospital?

We welcome you to share ways that IT has made a difference in your hospital. Please contact us at customersfirst@gocloudwave.com and share your story. We may feature you in a future issue.

CloudWave at 2024 MUSE Inspire

Denver was the location for this year’s MUSE Inspire conference for the second year in a row. The Gaylord Rockies Resort provided a spectacular view of the Rocky Mountains as attendees participated in educational sessions and product showcases over three days.

On Wednesday afternoon, Cloudwave presented a Product Showcase, “A Holistic Cybersecurity Approach: Take Action to Comply, Detect, and Respond,” In addition to taking part in MUSEO, CloudWave held a raffle for booth visitors. Later in the day, vendors and MEDITECH customers reunited for the Cocktail reception held on the Exhibit floor.

On Thursday morning, CloudWave’s Mike Donahue and Jacob Wheeler presented an informative educational session, “Cybersecurity – A Roadmap and a Program,” providing attendees with valuable information needed to start safeguarding their hospitals in the event of cyberattacks.

Did you miss going to MUSE this year? To learn more about either of our presentations, email us at customersfirst@gocloudwave.com

Canada Dinner at MUSE

On Wednesday evening, May 29, Canadian hospital customers, MEDITECH executives, and CloudWave executives gathered together for aCanada Appreciation dinner at the Old Hickory Steakhouse at the Gaylord.  A wonderful night was enjoyed by all.

MUSE Raffle Winners

Congratulations to our two winners at MUSE last week. We gave away two Air Pod Pros to the lucky winners who stopped by the CloudWave booth. Thank you to those who stopped by!

Keep Your OpSus Change Requests Moving

Sign up for Advance Authorization today

CloudWave is pleased to offer a new way to streamline the way we deliver changes to your OpSus Cloud Services.

Incremental adjustments to the scope of your cloud service are to be expected, but the timing and process may not always be convenient.

CloudWave is now able to provide a way for our cloud customers to mitigate the administrative burden of these requests by allowing key personnel to pre-approve routine change orders.

With Advance Authorization, you set the boundaries. Adding components, expanding storage, increasing capacity – these are all change order categories covered under your Advance Authorization Agreement.

Contact your Customer Success Manager or Sales Director to learn more.

Let CloudWave Handle Your Patch Management Needs

Fully-Managed Patching Service for Healthcare keeps you safe

Failing to patch systems on a timely basis leaves your hospital vulnerable to performance slowdowns, regulatory compliance issues, and even worse—the risk of cyber-attacks.

Utilizing the proven CloudCare+ patch maintenance strategy, healthcare enterprises can prevent cyberattacks, performance slowdowns, and regulatory compliance issues.

CloudCare+ solves these challenges with a skilled service team that utilizes a proven process throughout the patching cycle. This enables healthcare IT teams to take a hands-off approach to maintenance while CloudWave keeps the environment compliant and secured against cyber threats.

Learn More About the Cybersecurity Insider Program

Sign up today for the Cybersecurity Insider Program to join a community where you can regularly access free healthcare cybersecurity education and get alerted to threat intelligence gathered by our Cybersecurity Operations Center team. You will also have the opportunity to network with your peers to hear about their cybersecurity successes.

Sign up now to get access to all 2023 and 2024 on-demand webinars, and then plan to join us for the next live webinar on June 27th at 2 p.m. ET.

The June webinar topic is: Current state of Artificial Intelligence and its impact on healthcare organizations.

We’ll share:

• Details about how you should approach an AI policy
• An update on how cyber attackers are using AI to advance their attacks
• Challenges based on increased use of AI in systems and with third-party vendors

Join here

A few highlights of the program include:

• Monthly free cybersecurity education – taking place on the last Thursday of every month—NEXT WEBINAR IS THURSDAY, 6/27 at 2:00 pm ET
• Ongoing alerts to high-risk cybersecurity threats with recommended actions
• Access to a private YouTube channel (you’ll get immediate access upon program registration)
• Access to a private LinkedIn Group
• Exclusive access to special events
• Annual group Tabletop Simulation

Meet Richard Phung
CTOC Director

Many CloudWave employees have spent their careers in healthcare IT.

As the CloudWave-Sensato CyberSecurity Tactical Operations Center (CTOC) director, Richard Phung plays a crucial role in protecting customers’ hospital environments.

CTOC, CloudWave’s 24×7 continuous monitoring service, is included in the CyberSecurity-as-a-Service product offering.

Richard oversees client engagement from onboarding through deployment and into day-to-day operations.

With a 20-year career in enterprise IT, Richard has spent the last ten years focused full-time on information security. Recently, Richard served as the Information Security Officer for Simmons University, a Boston-area college.

“I am a lifelong learner and contribute to the cybersecurity community outside my role at CloudWave through classroom instruction and professional organizations.”

Richard lives on a farm in central Massachusetts, where he enjoys hunting and fishing when he is not at work.

What does Richard like most about working in health care?

“While traditional healthcare IT often focuses on patient privacy and health information, I believe our work here at CloudWave-Sensato is making a difference in reducing risk and increasing patient safety.”

rphung@gocloudwave.com