RWJBH’s Ostrowsky on cyberthreat: ‘We are an industry under siege’

With hospital systems nationwide facing credible threat of attack, Ostrowsky said RWJBH is doing all it can to battle hidden opponent

Barry Ostrowsky, the CEO of RWJBarnabas Health, said he always is worried about a cyberattack. This week — in the wake of warnings of a credible threat, as well as examples of successful attacks — Ostrowsky said the system he oversees is being especially vigilant.

It has no other choice, he said.

“We are an industry under siege,” Ostrowsky told ROI-NJ. “What we have, by way of information, is highly valued. We’ve been living under that for a while, but not quite with the DEFCON level that we’re experiencing at the moment.

“We’re pouring a lot of both time and energy, to say nothing of financial resources, into addressing that. We have our fingers crossed. And, hopefully, we have some great defense. But it’s a scary notion, it really is.”

Ostrowsky would not discuss what the system is doing — for obvious reasons — but he admitted cybersecurity is one of its toughest challenges. It’s hard to stop what you can’t necessarily see.

Barry Ostrowsky of RWJBarnabas Health. (RWJBH)

“It is a great concern,” he said. “Obviously, we’ve been taking measures on a regular basis, but we’ve gone into hyperactivity on this topic over the last three or four days — pursuing every possible protection.

“So, everything we do will be at the maximum optimal approach to protecting us ourselves, but, at the end of the day, I always feel like the bad guys are half a step ahead of the good guys.”

They have been this week.

At least four health systems across the country have acknowledged they have been hit with ransomware attacks. This, after several federal agencies warned health systems Wednesday of “an increased and imminent cybercrime threat.”

On Thursday, the FBI and the Cybersecurity and Infrastructure Security Agency, which is part of the Department of Homeland Security, sent an updated alert saying they have “credible information of an increased and imminent cybercrime threat to U.S. hospitals and health care providers.”

NBC News has reported that at least 20 medical facilities have been hit by the recent wave of ransomware. The New York Times said the attacks are coming from Russian hackers, believed to be based in Moscow and St. Petersburg, who reportedly have been trading a list of more than 400 hospitals they plan to target.

Ostrowsky said one of the biggest challenges is not only identifying the attacker, but identifying what the attacker wants.

“There are different motivations, candidly,” he said. “Some people want ransom, and other people want to get information that they can sell otherwise. So, it’s a full attack mode.

“We’re not the only industry, of course — others are facing this. But, for us, it’s very scary as to what it could mean in terms of not so much the financial distress, but the clinical activity.”

RWJBarnabas Health, one of the state’s two super systems, has a lot of information that hackers would want. And lots of ways they can try to get it.

The system, which has a service area covering nine counties and 5 million people, has 11 acute-care hospitals, three acute-care children’s hospitals and dozens of other facilities. RWJBarnabas Health also collaborates with Rutgers University on education, research and clinical activities, including those at the Rutgers Cancer Institute of New Jersey and Rutgers University Behavioral Health Care.

Ostrowsky said the system is working to make sure all locations are secure.

It is very difficult,” he said. “We are so now digitally-based and computer-activated, that the port portals to get into it are almost infinite.

“There are some favorite ways for these folks to penetrate organizations like ours. And, of course, you pay attention to that, because they tend to be the way into us, but you never can tell.”