Minimizing Healthcare Risk through Penetration Testing (Part 1)
By Gil Vidals, HIPAA Blog, Penetration Testing

Updated January 2024, original interview in 2020

Ricoh Danielson is an impressive guy. From his time as a US Army combat soldier in Iraq, to his work as a legal advocate for veterans fighting to receive PTSD treatment, to his later career building security expertise in digital forensics for law enforcement and the military, Ricoh has dedicated himself to a singular passion: protecting others.

Now a leader in Information Security, Ricoh has turned his sights on healthcare – an industry frequently targeted by cyber attacks. It was a privilege to speak with him recently about how healthcare organizations can improve their security posture, and specifically about the need for penetration testing – a practice that fits well within a comprehensive HIPAA compliance program.

HIPAA Vault:

“Ricoh, it does seem that a major theme of your life has been protecting and advocating for others. Is that what motivates your interest in healthcare security as well?”

Danielson:

“I’m passionate about ensuring that people’s lives and livelihoods are protected. I’ve seen how cybersecurity and digital forensics can be leveraged to uncover digital evidence that has helped patients; in law enforcement, I’ve seen how digital forensics is used to track down bad guys. From my military experience, I’ve seen how digital forensics evidence has helped make command decisions on the battlefield, saving soldiers’ lives. At the end of the day, I believe in using cybersecurity to continue to serve and protect others when needed.”

HIPAA Vault:

“Many healthcare companies scan for vulnerabilities in their systems, but some are resistant to a penetration test that will simulate an all-out cyberattack. Why is this?”

Danielson:

“I remember working with a large medical company that had an app in the cloud. They were resistant to making the small investment for a penetration test (we even offered them a discount!), but they continued to insist they were fine. I then did an initial investigation that revealed to them how they were essentially open to the world – including China, Malaysia, and Russia – the 3 major bad actors. I told them that it’s very possible that hackers had some of their data already. Later, the Feds came in and mandated that this company make changes in their security, and the price tag ended up being far more expensive than if they had made the changes sooner.” 

HIPAA Vault:

“So how do you determine who needs a penetration test?”

Danielson:

“You might think it’s only large companies with money that can afford to do a penetration test, but the truth is, small to midsize companies can benefit as well. Whether you need one and how extensive the pen test should be will depend on your application. How vital and necessary is your app? Is it a healthcare app that delivers timely and critical feedback on, say, a person’s kidney disease? Most medical records companies, for example, will know that they need a pen test more often (maybe every 8 weeks), and therefore allocate a generous budget for it.” 

HIPAA Vault:

“So what should a company know as they prepare for a pen test?” 

Danielson:

“It’s important that the CISO and IT department first agree to check their egos at the door, and choose transparency over defensiveness. If they do, then we can run a Purple Team exercise (a combination of Red & Blue Teams, where the Red Team launches an attack in an attempt to exploit the company’s defenses, and the Blue Team is the IT team that seeks to thwart the attack. The Purple team remains neutral and helps both teams). Everybody is then working toward the end goal of strengthening security, testing their app, getting their servers patched, and doing what it takes to make the company more secure.” 

HIPAA Vault:

“What else is important to prepare for, in view of a potential cyber attack?”

Danielson:

“Everyone needs a ‘critical response plan.’ In the military, we’d often emphasize that soldiers in the field need 3 things: radio, food & water, and ammo. Likewise, hospitals and other organizations with sensitive data (like banks) also need 3 things, and these should be written up very clearly so they are easily accessible in the event of an attack:

1.) Someone you’ll call about your infrastructure, 

2.) A bank account large enough to handle remediation costs if you’re breached, and to get you back up and running, and,

3.) Good insurance. 

You really need these things whether you’re large or small, because the truth is, it’s not if you get attacked, but when.” 

Stay tuned for Part 2 of our interview with Ricoh!

Enhancing Healthcare Cybersecurity

Healthcare organizations face unique challenges in protecting sensitive patient data while maintaining operational efficiency. To address these challenges, it’s crucial to implement robust cybersecurity measures.

Penetration Testing Methodology in Healthcare

Penetration testing in healthcare settings involves a systematic approach to identifying vulnerabilities in information systems. This process typically includes:

  1. Reconnaissance: Gathering information about the target systems, including the clinical protocols and vendor-managed devices in scope
  2. Scanning: Identifying potential entry points, such as exposed services and unpatched software
  3. Gaining Access: Exploiting confirmed vulnerabilities within the agreed rules of engagement. In healthcare this step needs careful scoping, because an exploit against a system that supports patient care can cause the very outage the test is meant to prevent; such systems are usually tested in a staging environment or during a maintenance window
  4. Maintaining Access: Determining whether a foothold can persist undetected, which also measures how well the organization’s monitoring works
  5. Analysis: Compiling findings, rating them by the risk to patient data and care delivery, and recommending security improvements
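The scanning and analysis steps are where a healthcare test differs most from a generic one: the entry points that matter are often clinical protocols rather than web servers. As an added example (not code from the original article or from HIPAA Vault), the Python script below parses nmap’s XML output from a scan such as nmap -sV -oX scan.xml targets and flags open services a healthcare tester would prioritise. The watch list and its severities are this example’s own triage policy, and the embedded scan result is constructed; ports 104 and 11112 for DICOM and 2575 for HL7 over MLLP are those protocols’ conventional ports.

```python
"""Triage an nmap XML scan of a hospital network segment.

Added example, not part of the original interview. Assumes a scan run as
`nmap -sV -oX scan.xml <targets>`; flags open services that a healthcare
pen tester would treat as high-priority entry points: clinical protocols
(DICOM, HL7 over MLLP) and remote-management services that should never
face an untrusted network.
"""
import xml.etree.ElementTree as ET
from collections import namedtuple

# Ports of interest. DICOM (104, 11112) and HL7 MLLP (2575) are the
# conventional ports for those protocols; the rest are generic remote
# access services. The severities are this example's own triage policy.
WATCHLIST = {
    104:   ("DICOM", "high"),
    11112: ("DICOM", "high"),
    2575:  ("HL7 MLLP", "high"),
    445:   ("SMB", "high"),
    3389:  ("RDP", "high"),
    23:    ("Telnet", "critical"),
    21:    ("FTP", "medium"),
    80:    ("HTTP (cleartext)", "medium"),
}

Finding = namedtuple("Finding", "host port service product severity")

# Constructed sample output in nmap's XML schema; hosts and banners are
# invented for this example.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="10.20.30.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="104"><state state="open"/>
        <service name="dicom" product="Orthanc"/></port>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="https"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="10.20.30.9" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="23"><state state="open"/>
        <service name="telnet"/></port>
      <port protocol="tcp" portid="2575"><state state="open"/>
        <service name="hl7"/></port>
      <port protocol="tcp" portid="3389"><state state="filtered"/>
        <service name="ms-wbt-server"/></port>
    </ports>
  </host>
</nmaprun>
"""


def triage(xml_text):
    """Return Findings for open, watch-listed TCP ports, most severe first."""
    order = {"critical": 0, "high": 1, "medium": 2}
    findings = []
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        for port in host.iter("port"):
            if port.get("protocol") != "tcp":
                continue
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # filtered/closed ports are not entry points
            num = int(port.get("portid"))
            if num not in WATCHLIST:
                continue
            label, sev = WATCHLIST[num]
            svc = port.find("service")
            product = svc.get("product", "") if svc is not None else ""
            findings.append(Finding(addr.get("addr"), num, label, product, sev))
    findings.sort(key=lambda f: (order[f.severity], f.host, f.port))
    return findings


def report(findings):
    """Render findings as one line each, e.g. '[CRITICAL] 10.20.30.9:23 Telnet'."""
    lines = []
    for f in findings:
        extra = f" ({f.product})" if f.product else ""
        lines.append(f"[{f.severity.upper():8}] {f.host}:{f.port} {f.service}{extra}")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_XML
    print(report(triage(text)))
```

Run it with the path to a real scan file as the first argument, or with no argument to see the constructed sample. Filtered ports are deliberately ignored: in a hospital network a filtered DICOM port usually means a firewall is doing its job, while an open one facing the wrong segment is the finding.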

Penetration tests help healthcare organizations identify weaknesses before malicious actors can exploit them. The HIPAA Security Rule does not require penetration testing by name, but it does require a risk analysis and periodic technical evaluation, and a documented test is strong evidence for both as well as a direct measure of overall security posture.

Best Practices for Healthcare Data Protection

To safeguard sensitive patient information, healthcare organizations should:

  • Implement strong access controls and authentication measures
  • Encrypt data both at rest and in transit
  • Regularly update and patch all systems and software
  • Conduct ongoing staff training on cybersecurity awareness
  • Establish and enforce strict policies for data handling and privacy

Creating an Effective Critical Response Plan

A well-designed critical response plan is essential for minimizing damage during a cyber attack. Key components include:

  1. Incident Detection and Reporting: Establish clear protocols for identifying and reporting potential security breaches. In healthcare the reporting step also has a regulatory clock: under the HIPAA Breach Notification Rule, a breach of unsecured PHI must be reported to affected individuals without unreasonable delay and no later than 60 days after discovery, so the plan should record who decides that a breach has occurred and when that clock started.
  2. Response Team Assembly: Define roles and responsibilities for team members involved in incident response.
  3. Containment Strategies: Develop procedures to isolate affected systems and prevent further damage.
  4. Eradication and Recovery: Outline steps for removing threats and restoring normal operations.
  5. Post-Incident Analysis: Conduct thorough reviews to improve future response efforts.
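Detection needs concrete rules, not only a protocol. As an added example (not code from the original article), the Python below runs a simple brute-force detector over constructed patient-portal authentication log lines: it alerts when one source address accumulates five failed logins within two minutes, and raises a second alert if a login from that source then succeeds, since that is the case that most needs immediate reporting. The log line format, the threshold and window, and the sample lines are all assumptions for this example; adapt the regular expression to your own portal’s logs.

```python
"""Detect login brute-force against a patient portal from auth logs.

Added example, not code from the original interview. Assumes a
hypothetical line format of the form
    2024-01-15T02:14:07Z portal auth=FAIL user=<name> src=<ip>
Adapt LINE_RE to the real portal's log format.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) portal auth=(?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

THRESHOLD = 5                 # this many failures ...
WINDOW = timedelta(minutes=2)  # ... within this window trip an alert

# Constructed log lines for the example: one credential-stuffing run that
# eventually succeeds, and one user who simply mistyped a password.
SAMPLE_LOG = """\
2024-01-15T02:14:01Z portal auth=FAIL user=jsmith src=198.51.100.7
2024-01-15T02:14:03Z portal auth=FAIL user=jsmith src=198.51.100.7
2024-01-15T02:14:04Z portal auth=FAIL user=mjones src=198.51.100.7
2024-01-15T02:14:06Z portal auth=FAIL user=mjones src=198.51.100.7
2024-01-15T02:14:09Z portal auth=FAIL user=rlee src=198.51.100.7
2024-01-15T02:14:20Z portal auth=OK user=rlee src=198.51.100.7
2024-01-15T02:20:00Z portal auth=FAIL user=akim src=203.0.113.5
2024-01-15T02:45:00Z portal auth=OK user=akim src=203.0.113.5
"""


def parse(line):
    """Return (timestamp, result, user, src) or None for an unrecognised line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["result"], m["user"], m["src"]


def detect(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return alerts as (timestamp, source_ip, kind, detail) tuples.

    kind is 'bruteforce' when `threshold` failures from one source fall
    within `window`, and 'compromise' when a success from that source
    follows a bruteforce alert (a guessed credential probably worked).
    """
    recent = defaultdict(deque)  # src -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, src = rec
        if result == "FAIL":
            q = recent[src]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()  # drop failures older than the window
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append((ts, src, "bruteforce",
                               f"{len(q)} failures within {window}"))
        elif src in flagged:
            alerts.append((ts, src, "compromise",
                           f"login succeeded for {user} after brute-force"))
    return alerts


if __name__ == "__main__":
    for ts, src, kind, detail in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()} {kind:11} {src} {detail}")
```

The sliding window is per source address, so a single mistyped password from a legitimate user never trips it, while the "compromise" alert is the one that should page someone and start the breach-assessment clock.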

The Future of Cybersecurity in Healthcare

As healthcare technology continues to evolve, so do the associated cybersecurity challenges. Emerging trends include:

  • AI-powered threat detection and response systems
  • Blockchain technology for secure health information exchange
  • Zero-trust architecture to enhance network security
  • Increased focus on IoT device security in medical settings
  • Advanced biometric authentication for access control

By staying ahead of these trends and implementing comprehensive security measures, healthcare organizations can better protect patient data and maintain trust in an increasingly digital healthcare landscape.

Ricoh Danielson is a graduate of Thomas Jefferson School of Law, Colorado Tech University, and UCLA Anderson School of Management. In addition to conducting penetration tests for healthcare companies, Ricoh helps small to large businesses with incident response and digital forensics, and has contributed articles to a number of cybersecurity publications. A U.S. Army Combat Veteran, Ricoh served in Iraq and Afghanistan. 

HIPAA Vault is a leading provider of HIPAA compliant solutions, enabling healthcare providers, business organizations, and government agencies to secure their protected health information from data breaches, threats, and security vulnerabilities. Customers trust HIPAA Vault to mitigate risk, actively monitor and protect their infrastructure, and ensure that systems stay online at all times. In addition to HIPAA Compliant WordPress, HIPAA Vault provides secure email and file sharing solutions to improve patient communications. For more information, or to schedule a penetration test, call us at 760-290-3460, or visit us at www.hipaavault.com.