Jesse Kinser on the fight against healthcare cyber attacks
Hi Jesse, please introduce yourself and your role.
“My name is Jesse Kinser and I am the Chief Information Security Officer (CISO) for LifeOmic. In addition to my role as a CISO, I am also active in the hacking community. As the CISO for a small Software-as-a-Service (SaaS) start-up, I wear many hats and am constantly juggling various responsibilities. This includes everything from security to compliance and privacy initiatives. My team and I work tirelessly to ensure that LifeOmic is protected against potential security threats and that our customers can trust us with their valuable data.”
How did you become a hacker?
“I began my journey as a hacker during college where I worked on various offensive security research projects. Shortly after finishing college, I accepted a position to protect and improve our nation's cybersecurity. I was immediately drawn in by the exciting and challenging nature of the work. To further my skills and knowledge, I started participating in bug bounty programmes early on in my career. This gave me the opportunity to work on real-world security challenges and gain hands-on experience in identifying and fixing vulnerabilities. Over the years, I have continued to participate in bug bounties and stay involved in the security community, as it has been a valuable source of learning and growth for me. I am proud to say that I have never stopped learning, growing, and pushing myself to become a better hacker.”
Why is the healthcare industry at threat of cyber attacks?
“There are several reasons why the healthcare industry is at threat of cyber attacks:
- Underfunded cybersecurity teams: The lack of investment in cybersecurity teams can lead to understaffed departments, outdated technologies, and an overall lack of resources. This can result in critical vulnerabilities not being addressed, making the healthcare organisation more vulnerable to cyber-attacks. Moreover, cybersecurity professionals are in high demand, and without competitive salaries, organisations may struggle to attract and retain skilled staff.
- Hospital availability is critical for service: As healthcare organisations cannot afford to have their systems down for an extended period of time, they are often more willing to pay a ransom in the event of a ransomware attack. This not only perpetuates the problem of ransomware attacks but also funds the criminal organisations behind them.
- Scattered team awareness: The complexity of the healthcare industry, with its numerous departments and diverse skill sets, can lead to a lack of awareness among employees regarding cybersecurity best practices. This can result in employees accidentally exposing the organisation to cyber threats, either through their actions or through falling for phishing scams. To mitigate this risk, organisations need to implement comprehensive cybersecurity awareness programmes, which educate and empower employees to play a proactive role in protecting their organisations.”
What does the healthcare industry need to know about cybersecurity?
“Cybersecurity is not a solitary effort and requires the participation of everyone in an organisation. It is essential for executives to establish a clear vision and communicate the importance of data protection to all employees, regardless of their role or department. This includes everyone from nurses, to those who handle patient intake, to engineers. While it may be tempting to believe that the responsibility for cybersecurity lies solely with the security or IT teams, this is a misconception. The reality is that a cyber attack can originate from any number of sources and can have far-reaching consequences. For example, a ransomware attack can start with something as simple as a finance director downloading an infected Excel document. This highlights the importance of making sure that all employees are aware of potential cybersecurity threats and are equipped with the knowledge and resources they need to help protect the organisation. In short, cybersecurity is truly a team sport and requires the participation and cooperation of everyone in an organisation to be successful.”
Tell us about leading a cybersecurity team.
“One of the things that I am most proud of is my ability to bring together individuals who share a common vision. In my opinion, cybersecurity is a collaborative effort that requires a team-oriented approach. That’s why, when it comes to hiring, I am always on the lookout for individuals who understand this concept and have a similar mindset. Even in the face of challenges such as a competitive job market where top-notch candidates can be hard to come by, I have been able to assemble teams of dedicated professionals who are committed to working together to help the business secure its assets.”
What impact can cyberattacks have on patient privacy, clinical outcomes and financial resources?
“When cyber attacks occur, they often result in the theft of personally identifiable information (PII). While this is not unique to electronic health record systems, it is certainly a concern when PII is breached in health systems. A more modern realisation, though, is how these attacks result in major impacts to patients. It is more and more common to see patients have their medication or treatment delayed after a health care system is breached. We have now seen cases where patients are rerouted to different providers altogether. Even emergency cases may be postponed or care delayed.”
What attacks are the most prevalent and how are they happening?
“Headlines today still scream about sophisticated attack patterns and techniques that leave teams stunned and scrambling. The reality is that many, many impactful incidents today stem from phishing and identity compromise. Users sharing credentials, using weak credentials, and missing MFA still hurt providers every day.
“Businesses should focus on getting the basics right before they start investing in the new silver bullet. Just like a good football team, if you don’t have a solid foundation, then your quarterback is going to get sacked way too often.
“Leaders should be able to ask their teams some of the following questions and get quality answers:
- How many laptops do we have?
- What was the result of our last user audit?
- When was our last data restore test?
- How many SIEM alerts go un-investigated on a weekly basis?
- Have we resolved all findings from our last penetration test?
“Please note, if the answers to these questions are lacking - then you likely have not invested or prioritised security in the right locations.”
Who is behind these attacks?
“This is a pretty large question that doesn’t have an easy answer. Very recently, teams have been sent scrambling due to the threats made by Russian and North Korean-based threat actors such as KillNet and Andariel. These groups are focused on punishing NATO countries for their support of Ukraine. However, the industry is targeted by a broad spectrum of actors from hacktivists to nation-state spies to crime groups looking to make a buck.”