A 5-Part Cybersecurity Strategy From the FBI’s James Comey; AHA’s Rick Pollack on the AHCA

It’s no secret that pretty much every health care institution on record opposes the current iteration of the American Health Care Act. This, of course, includes the American Hospital Association, for reasons its President and CEO Rick Pollack made apparent during the aptly timed American Hospital Association’s Annual Membership Meeting on Monday.

“The House bill is not consistent with our deeply held principles of providing coverage for those who need it … and ensuring that the most vulnerable are not left behind,” he said.

Pollack cited core problems with the bill that would hurt hospitals and patients, such as its proposed $840 billion cut to Medicaid over a 10-year period; the waiving of key insurance rules and consumer protections; and allowing insurers to raise costs for those with pre-existing conditions; among other problems. These all add up to depriving more patients of care-access and of coverage. “That’s why the Senate must reject the House bill as a starting point,” Pollack said.

With the bill now in the Senate, “we face an entirely different political environment,” Pollack said. AHA Executive Vice President for Government Relations and Public Policy Tom Nickels, who followed Pollack onstage in Monday’s plenary address, expects the Senate to completely rewrite the bill, with a new draft likely ready around the August recess. Nickels pointed out the dramatic polarization in Washington, noting that there wasn’t much bipartisan teamwork in place to move the bill forward. Because of this, “Repeal and replace has really sucked the oxygen out of every room in this town,” he said.

Although FBI Director James Comey (pictured) is perhaps better known for his own recent political drama, his message to meeting attendees at the plenary’s conclusion was strictly business: we need to work together — yes, that means with the FBI — to reduce cybercrime.

“All of us have to do a better job — and I’m speaking for the FBI, as well — at growing that security culture in our organizations, at training our folks better and at being much more careful about who gets a privileged account,” he said. Comey also mentioned keeping machine vulnerabilities to a minimum by “paying attention to the boring stuff” such as updating software on a regular basis, as well as the importance of mitigating damage. “Everyone in this country should have given thought to a business continuity plan if there’s an attack,” he said. “[He or she] should have given thought to, ‘what are we going to do if someone comes and locks up our systems with ransomware? Do we have the backups we need to go in and operate immediately?’”

To that end, Comey laid out his agency’s five-point strategy to reduce cybercrime:

The FBI is tackling cyber fixes by assigning internal tasks based on expertise instead of the location of the attack. “It’s had the effect of creating fabulous competition inside the FBI,” he said. “It’s created a passion for demonstrating expertise.” It’s also created a cyber “fly-team” comprised of experts who are ready to appear at the scene of the intrusion at a moment’s notice.
The FBI is getting creative with building up its cadre of cyber-savvy special agents. This is difficult because the FBI can’t pay as well as the private sector does, Comey said; plus, cyber FBI agents need a very particular set of attributes: They need to have integrity, high intelligence, physicality and technical ability — a rare combination. “We’ll find people who have integrity who can’t do a push-up but are very, very smart; we’ll find people who are very, very smart, who can do a push-up [but] who want to smoke weed on the way to the interview,” he said. “So, it’s an enormous challenge for us.” To compensate for this, the FBI is trying new ways to attract and retain talent, such as growing from within and working on its public image.
The FBI wants to “shrink the world” to punish cybercriminals. “If you tell anybody in government — at the local, state or federal level —that you’ve seen something that concerns you when it comes to terrorism, that’s all you need to do and it will get to the right people within seconds,” Comey said. “We have to get to that place when it comes to cyber-intrusions.”
The FBI wants to help state law enforcement “raise its digital game” and improve digital literacy throughout the country.
The FBI is trying to improve relations with the private sector. As it stands, the vast majority of intrusions are not reported to law enforcement, Comey says. “I understand that instinct, but it is horribly short sighted,” he said. “The idea that this will go away is foolish. We have to find a way to share information better with each other, so we can be more useful to you in trying to stop threats long term.”
Comey said he gets hospitals fears that calling the FBI might hurt an institutions’ image, cause legal troubles or more, but this is not necessarily the case, he said.

“We will explain to you what happens with any information you give us. We will explain to you the risks and opportunities associated with talking to us so that you can make an informed decision,” he said. “Once you make those judgments, you will see us abiding by our promises.”

Source:http://www.hhnmag.com/articles/8282-a-5-part-cybersecurity-strategy-from-the-fbis-james-comey