One leading cyber expert from the Defense Health Agency (DHA) joined other Federal officials during a Jan. 5 virtual panel to discuss the agency’s top threats going into the new year and their plans to mitigate cyberattacks.
Col. Joseph Hoffert, DHA’s chief of the Solution Delivery Division and Risk Management Executive Division, expressed that his cybersecurity worries for 2023 will reflect those of 2022: phishing, malware, and ransomware.
The official revealed during Federal News Network’s event that the agency plans to continue its work towards cloud computing adoption and zero trust architectures – like identity and access management (IDAM) – to bolster its cyber posture within the Department of Defense (DoD).
Hoffert said his agency is in a “very unique position” due to being a part of the healthcare sector – which in recent years, he said, has increasingly been a consistent target of attacks – and the DoD, “which has always been a focus of attacks,” he said.
“You put those two together and the attack interest of adversaries gets exponentially greater,” Hoffert said. “We go through great pains within the Defense Health Agency to ensure we put the controls in place to protect those crown jewels.”
DHA’s crown jewels, the official said, are health information and sensitive data on members within the DoD. The challenge with this, he said, is balancing the need to protect sensitive personal health data with seamless accessibility to legitimate users such as healthcare providers that operate on behalf of the DHA.
Hoffert said he worries about the usual cyberattacks, like phishing-powered ransomware, but what is unique to healthcare and of particular concern to the DHA is networked medical devices.
“There is a significant concern there, not only that someone could use a medical device as a vector into our network, but also that someone could use malicious code or some other type of attack to affect that medical device and actually do harm to patients,” he said.
The DHA has unique requirements because it sits within the healthcare sector and the DoD, Hoffert explained. Due to this, the agency leverages tools like cloud computing and IDAM to ensure both Federal and healthcare workers can get the data they need without risking an attack on vulnerable information.
“Our beneficiaries have to be able to access their health records,” Hoffert said, adding, “[We’re] looking at [using these tools] from many different levels – both within the Department of Defense and within healthcare – but specifically providing our patients with the necessary information they need.”