Ryan Wood on the ‘automation race’ in cybersecurity 

WATERLOO, Iowa – Ryan Wood, VGM Group’s new chief information security officer, believes health care companies, as a general rule, need to “assume compromise” in the wake of the Change Healthcare cyberattack. 

“Without knowing the specifics of the Change Healthcare cyberattack, I think we should be leaning on building our cyber program and infrastructure for resilience, rather than being focused on backup and recovery,” said Wood, a recent guest on the HME News in 10 podcast from HME News. “The ability to keep doing business is going to be more of a focus. Taking zero-trust principles into account, we just assume compromise. How do we secure our environment, assuming that someone is already poking around trying to find that data? Resilience is the better way to go for a long-term strategy.”  

Here’s what else Wood, whose credentials include Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Certified Cloud Security Professional (CCSP), had to say about why health care data is such an attractive target and how ChatGPT-type tools can be weaponized. 

No reset 

“Health care records and patient data are very private, and they can be used in a lot of nefarious ways,” Wood said. “The data itself is different than other data – it can’t be reset. You can cancel your credit card and order a new one, but if that’s your Social Security number, you can’t renew or reset (that). It’s private and ongoing, which makes it more difficult and more valuable.”  

No end 

“The health care industry, in general, becomes a target because they pay (ransoms),” he said. “It’s very sensitive data. They have to pay (to) get back online in a hurry. If they’re not prepared for it, it’s very costly. It will continue to be target until we find a way to make it not profitable for the adversaries.”  

No rest 

“Right now, generative AI or ChatGPT-type tools are the future,” he said. “(These tools) not only help defenders but (allow) adversaries to automate a lot of the things. They’re using AI to build their tools so they can automate, say, a phishing campaign or using ChatGPT to create a better email that is more likely to get clicked on. So, it’s staying ahead in the automation race. It’s a constant game of cat and mouse between the capabilities of our adversaries and figuring out how they’re doing that to combat it.”