Vice President of IT and Chief Compliance Officer Michael Gray also emphasized the importance of updating knowledge about different cyberattacks. Five or six years ago, he noted, only a few hands would shoot up when attendees were asked if they knew what a ransomware attack was. Today, they are very familiar across the industry.
“If we’re not aware of those risks, and our staff don’t know what those risks are, we can’t really defend against them,” he said.
Malicious actors will now try to remain in a target organization’s environment for as long as possible and may even try multiple attacks. There are also initial access brokers who then sell the way in to others once they’ve cracked the door into an organization’s network. And with social engineering attempts growing more sophisticated, multifactor authentication is evolving to become more phishing-resistant.
Even if a senior care organization believes it is ready to face a cyber event, Gray said, long recovery times are inevitable, which means that teams across departments need to know how to keep operations going when systems are offline. At a tabletop exercise he attended, he said, one of the concerns was around whether younger employees knew how to chart on paper, so there had to be a consideration for who could do rapid training in paper charting.
“Even if you are extremely well prepared, it takes a long time to bring your systems back up. Your cyber insurance carrier and forensics company that they’re using, they have to be 100% sure that your environment is clean before they bring your systems back online,” Gray said.
It’s not just about having the best security tool stack; the people who make up an organization need to be well versed in the security strategy and regularly trained.
“We really are huge proponents of having the people with the right knowledge at the table, who are either in a leadership role or interacting with your governing board, advising the C-suite or in the C-suite, to be able to fully assess, ‘Are we doing what’s necessary so that we can have the protection we need?’” Griveas said.
Keep this page bookmarked for our coverage of the 2025 LeadingAge Annual Meeting and Expo. Follow us on X at @HealthTechMag and join the conversation at #LeadingAge25.
