Eleanor Kennedy | Nashville Business Journal

Paul Connelly‘s official title with hospital giant HCA Holdings Inc. may be vice president of information protection and security and chief information security officer, but his job description might as well include this corollary: “prophet of doom.”

Connelly joked about his soothsaying of destruction during a Nashville Health Care Council panel Wednesday afternoon, featuring not only Connelly, who served as the White House’s first chief information security officer prior to joining HCA, but also Department of Homeland Security veteran Noah Kroloff and former United States Secret Service Director Mark Sullivan (Kroloff and Sullivan paired up post-government service to lead Global Security and Innovative Strategies), along with Samar Ali, an attorney with Bass, Berry & Sims who worked as a White House Fellow in President Barack Obama‘s administration.

Despite the hefty government experience on the stage, the prediction of doom and gloom to come had nothing to do with last week’s surprising election results, but instead stemmed from the constantly evolving threats to cyber security at health care companies, like the ones that form the core of Nashville’s economy. (Some of which have already experienced data breaches in recent years.)

“The health care industry and all industries are definitely targets of cyber threats,” Kroloff said.

The culprits fall into three primary categories, Kroloff said: state actors, hackers (or benevolently motivated so-called hacktivists), and criminal actors. Connelly seemed to focus on the latter group with his description of the evolution of cyber attacks, which he said has moved from the annoyance of viruses to identity theft and, increasingly, extortion. Next, some of the panelists suggested, it may move into cyber terrorism.

It can be hard for health care companies and device makers to keep up with those threats, Connelly said, because while advancements are constantly being made in technology that can improve patient care, “security tends to lag behind.”

Still, not everything is terrible. Although the health care industry is about a decade behind other sectors, like the financial services industry, there’s some solace to be found in the fact that it’s almost impossible to be adequately prepared for the threat of a cyber attack, Kroloff said. That’s because the threat is “evolutionary,” he said, and the industry needs to evolve alongside it and stay on alert.

That can present opportunities for businesses, Kroloff said, especially if their leaders spend time rethinking some of their practices, systems and the ways they interact with government entities that are also trying to keep cyber threats at bay.

To that end, the panelists said businesses need to have a response plan ready and also suggested everyone in the organization know their roles in promoting cyber security.

Despite all the warnings of cyber threats to come – and already here – Sullivan offered this additional piece of advice: “Don’t panic.”

http://www.bizjournals.com/nashville/news/2016/11/16/cyber-security-experts-to-nashville-health-care.html