Threat of Russia-Ukraine 'Spillover' Attacks on HealthcareAnahi Santiago, CISO of ChristianaCare, Discusses Latest Cyber Challenges
As the Russia-Ukraine war continues, healthcare sector entities in the U.S need to be prepared to deal with potential spillover cyber incidents, says Anahi Santiago, CISO of ChristianaCare, the largest healthcare delivery organization in the state of Delaware.
"During the  NotPetya incident, thousands of organizations were affected, although they weren't necessarily the intended target," she says in an interview with Information Security Media Group.
"The emergent nature of the denial-of-service attacks that are being leveraged both in Ukraine as well as Russia are learning opportunities for threat actors to further leverage their capabilities," says Santiago, a speaker at the Healthcare Information and Management Systems Society conference that is taking place in Orlando, Florida on March 14-18.
"DDoS attacks have been a concern in the past [and] because it has become so prevalent in the last couple of weeks, I think it's definitely an area to watch out for," she says.
"Ransomware is such an incredible threat vector for healthcare and other industries, and that's not going to go away. So that will be top of mind for many of us for many years to come."
In the video interview, Santiago also discusses:
- Identity and access management concerns among healthcare sector entities;
- Potential challenges involving recently passed legislation that requires certain critical infrastructure entities to report cybersecurity incidents to the Department of Homeland Security within 72 hours;
- Security lessons emerging from the pandemic for telehealth and related care delivery.
Prior to ChristianaCare, Santiago spent over 10 years as the information security and privacy officer at Einstein Healthcare Network. She is an active contributor and member of several local, state and federal cybersecurity organizations, including the Healthcare Sector Coordinating Council's Cybersecurity Working Group, the Delaware Healthcare Cybersecurity Alliance and Philadelphia's Women in Cybersecurity group.