On November 11, 2024, the Consortium of Cybersecurity Clinics hosted 66 students representing 14 different universities for the Fall 2024 “Clinic of Clinics,” a semesterly event for students participating in clinics to network, learn from experts in the field, and partake in group activities.
Matthew Nagamine, the Director of Membership of the Consortium, began the online meeting by emphasizing how the event served as a way for clinic students from all over the country to meet peers, including some who might end up as colleagues in the future.
In a lighthearted icebreaker, students were asked to introduce themselves in the chat using only emojis. This engaging start set a collaborative and communicative tone for the event.
A highlight of the event was a keynote by Dr. Jeff Tully, who leads the Healthcare Ransomware Resiliency and Response Program at the UC San Diego Center for Healthcare Cybersecurity. Tully provided a compelling overview of the intersection between healthcare and cybersecurity, and gave insights into the consequences of cyber threats on patient health care and hospital operations.
In his presentation, Tully shared that cyber attacks on healthcare are growing, and it is affecting and degrading hospitals’ ability to perform operations. Not only is this a point of weakness of critical infrastructure from the perspective of national security, but it also worsens disparity in health care. At the granular level, it can also impact individuals and families in devastating ways. Tully shared an example of an incident at a hospital in Alabama, where a nine-month old baby passed away. The child’s mother claims this to be the result of diminished care due to a malfunctioning computer system during a cyber attack that was not disclosed.
Ransomware attacks, in addition to impacting patient care and the ability to provide medical care, also impacts patient health information, as stolen data often ends up leaked. The financial impacts can also be very costly; for example, Tully cited a cyberattack that cost Scripps approximately $113 million dollars in lost revenue.
With all these concerns, how do you study a problem like this?
Dr. Tully highlighted how we can apply the scientific method to the field of cybersecurity by asking questions and performing experiments. He explained how early medicine relied on trial and error, but evolved into a data-driven discipline through scientific research and hypothesis testing.
For example, one of the challenges of studying a ransomware attack to see if it disrupts patient care is that organizations are not eager to show everything that went wrong. However, rather than study the direct data, one of Tully’s suggestions was to study the ripple effects. When hospitals are attacked by ransomware, they attempt to stem the damage by shutting down the network and locking down services, and hospitals that cannot take patients may send them to nearby hospitals. Rather than focusing solely on IT systems, researchers could examine impacts such as patient health outcomes, emergency diversion rates, and operational disruptions, before, after, and during a cyberattack.
“We could be doing more of these scientific studies with respect to these cybersecurity practices,” Tully said. Sharing an example of this, Tully shared the results of a phishing study, in which a test group that underwent phishing training did not have any significant impact on the group’s vulnerability to phishing attacks.
Tully also shared innovative tools and solutions to mitigate the effects of cyberattacks on healthcare operations. For example, detecting when ransomware attacks are occurring may be possible by using publicly accessible information. Hospitals are usually very noisy on the internet, so if they shut down, they suddenly become very quiet. If signals of network activity go away, it can be an indicator that something may be occurring.
Inspired by military technology, Tully also proposed using rapidly deployable 5G networks and point-to-point Wi-FI systems to ensure that hospitals can continue to function even when their primary networks are compromised.
In closing, Dr. Tully shared advice for students. He encouraged them to think creatively and embrace diverse opportunities in cybersecurity, noting that the field is open to those with a variety of skill sets and backgrounds. He remarked, “[it is] important to understand what happens when we fail, and how to fail better, rather than how to avoid failure at all.”
Following the keynote, students came together in breakout rooms to share their unique journeys and aspirations in cybersecurity. Reinforcing the advice that Dr. Tully imparted, students met peers of all different backgrounds; the meetings brought together graduate and undergraduate students, as well as students from different universities. For example, in one breakout session, there were Computer Science, Management and Information Systems, and English majors, as well as students with military and animation backgrounds. Some were interested in how cybersecurity work is done for the government, while others were interested in malware analysis. Students also shared how their university runs the clinic program and imparted advice based on their experience.
The Consortium’s Fall 2024 Clinic of Clinics demonstrated the spirit of collaboration and innovation. As cybersecurity challenges evolve, events like these are helping to empower the next generation of cyberdefenders.
