The U.S. healthcare system has recently been on the receiving end of several cyberattacks, impacting providers across the country. The ultimate question, then, is how can we use cybersecurity to stop threats before they wreak havoc on our healthcare system and millions of Americans?
Stephen Curren is the Director for the Division of Resilience in the Office of Emergency Management at the U.S. Department of Health and Human Services’ (HHS) Office of the Assistant Secretary for Preparedness and Response. He and his team look at 21st-century health threats and how they have the potential to impact the U.S. healthcare system. His office responds to a wide variety of emergencies, globally and on American soil, that affects the state of healthcare. Because of Curren’s incredible efforts, he is a finalist in the Homeland Security and Law Enforcement category of the Service to America Medals or the SAMMIES.
The SAMMIES are an esteemed awards program sponsored by the Partnership for Public Service that recognizes remarkable work done by career federal employees. Last week, Christopher Dorobek, host of the Dorobek Insider, spoke with Curren about how he and his team were able to address a new threat, WannaCry, and arm healthcare providers with pertinent cybersecurity information.
Although Curren grew up in the D.C. area and was exposed to government work at a young age, he hadn’t always been interested in working for the federal government. Curren began his career in threat consulting and only later became excited about the prospect of government work.
Curren’s career has largely been focused on cybersecurity. Now, he is responsible for connecting cybersecurity and healthcare at HHS. Most recently his team tracked and collected data on a new malware software called WannaCry. Curren described this specific malware as a serious threat due to its global impact, especially in the U.K. The malware software attack disrupted about a third of UK providers.
Curren explained that WannaCry functions as a ransom attack in which all systems are shut down and providers are locked out of their software and denied access to their files. The malware doesn’t allow entrance until a considerable payment is made.
“These attacks are a patient safety issue, because treatment is interrupted, and providers are unable to access information,” Curren said.
Although WannaCry had a minimum effect in the U.S., Curren and his team used this threat to assess their preparedness for potential future attacks.
“It really gave us a good situational awareness of what impact it was having,” said Curren.
At HHS, he and his team work with all major trade associations in the healthcare space as well as other larger and smaller healthcare companies. WannaCry’s impact reinforced HHS’s goal to share as much information as possible with providers in order to protect the healthcare system.
“In the height of it, we wanted to make sure, especially for our small providers and rural providers, those that are not generally tied into sophisticated third-party cybersecurity providers, had information. So much of our care happens in those smaller organizations, so we wanted to make sure they were equally protected,” he said.
One of the lessons that Curren and his team learned after the effects of WannaCry had subsided, was that healthcare providers weren’t very aware of how much an impact of a cyberattack could have on their systems.
“Our focus is really on getting information to people that’s digestible and understandable, even if they don’t have the most sophisticated systems in place. There are very common cyber hygiene practices that we can share with them to help better protect their systems,” he said.
Curren enjoys his work for the government and believes that his office plays an important role in the industry.
“The federal government serves as a rallying point for all of these efforts,” said Curren.
Last year, under the guidance of Congress, Curren and his office brought together a group of distinguished cyber professionals to consult on cyberthreats to the healthcare system.
“We convened a healthcare cybersecurity task force and we brought together 21 subject matter experts from across the government public sector. They worked for over a year giving us the best advice they could on how to improve cybersecurity in healthcare,” he said.
When asked about the government’s role in working with the healthcare system, Curren explained, “Often it’s just our ability to bring people together, have that public service mindset, and to work together for a common cause.”
Curren explained that one of HHS’s top priorities is to act strategically on matters of cybersecurity.
“The Department has a very collaborative approach. Because it’s a fast-changing technologically driven risk that we’re looking at, we have to be adaptive. We have to change the way we do things based on the changing threat.”
Above all else, Curren loves what he does and feels especially grateful to have the opportunity to work in government.
“I find that the satisfaction of government work is getting to be that touch point for the people you serve in the industry and everyone in this country who looks for government to provide support for them. It feels good being a part of it.”
Curren’s closing career advice to future leaders was simple: remain calm.
“There’s a lot of value in learning to remain calm,” he said. “There’s always a bigger picture.”