
Trends in Information Security

Micheal Perryman, Chief Information Security Officer at San Juan Regional Medical Center, discusses the latest trends in cybersecurity and why they matter for hospitals. Discover how risks like ransomware and credential theft are evolving, and learn how healthcare organizations can bolster their defenses against these pervasive threats.

Transcription:


Micheal Perryman: Hello. My name is Micheal Perryman. Welcome to this podcast for San Juan Regional Medical Center. Today, we're going to be talking about trends in information security. I started my journey with San Juan Regional Medical Center on October 28th, 2024. I am the Chief Information Security Officer and Vice President of Information Security. I have about 30 years of experience in cyber resilience and information technology.


Today, cybersecurity threats rank as the number one challenge facing healthcare due to disruptions in patient care, workforce productivity, eroding trust, and average cost of compromise. Over this past year, we have seen compromises and data breaches trending at around 301 breaches per month. The number one vector for information security and breaches is in network server architecture and email, as well as different firms for electronic medical records.


Statistically speaking, the average time to recover from things like ransomware and critical patient care is seven days. The average time to recover from normal business operations is around 28 days. The average cost of ransomware and the compromises that it causes is around $10.9 million. The average entities who paid a ransom and recovered all of their data is around 2%. The average amount of data that is recovered by healthcare entities is 65%. Approximately 66% of all U.S. hospitals have suffered a ransomware incident.


Some of the emerging trends that are happening in information security and cybersecurity as threats from bad actors that leverage cutting-edge technologies and exploit expanding attack surfaces is artificial intelligence. Artificial intelligence is a model, not just a platform, but with multiple different purposes to try to be more efficient at the things that we're doing from a healthcare perspective. AI-driven attacks have increased by 67% compared to 2024, and becomes a more emerging trend in being built into the healthcare stream system so that we can be more efficient at taking care of our patients.


Ransomware. Ransomware is an evolution that provides a targeted attack to service models. Ransomware will remain a dominant threat in 2025 with attacks across North America increasing by 8%. While high-profile targets continue to make headlines, small and medium-sized businesses and organizations such as ours have become primary targets for typical software and hardware security postures. The critical architecture and our healthcare systems and financial institutions are experiencing more and more sophisticated ransomware operations in 2025.


Credential theft. Credential theft has reached a staggering level with millions of items being stolen per year, a significant increase year over year, and an alarming rate. Most of these credentials were taken through InfoStealer Malware attacks, ransomware, and is also usually the cause for compromise in healthcare systems.


This is why security awareness is so important. Those email messages that we send and the testing that we do to test our resiliency, those are very important because we're able to see where our organization is within our posture and, within that security posture, how we can actually make our organization more resilient.


Recently, on September 25th, our organization experienced a distributed cyberattack. The attack vector that was used was VPN password spread, credential stuffing, and distributed denial-of-service attacks. These attacks were propagated primarily by foreign advanced persistent threat groups. Those persistent threat groups are usually nation-state. Those threats and attacks usually come from states like Russia or other countries.


A VPN password spread is a malicious actor that attempts to exploit vulnerabilities in VPN infrastructure to gain unauthorized access and spread malware and ransomware. Distributed denial-of-service attacks are attacks in cybersecurity where multiple systems are used automatically or in automation to overwhelm systems and targeting systems. This floods requests making sure that we cannot get to the systems that we need.


So, what is it that we are doing as an organization to make sure that our availability is secure? Today, our operational resilience. It needs to be business-aligned. This determines the business context and cascades enterprise goals into security alignment goals. We need to be risk-aware. We need to understand the security risks of our organization and how they intersect with the overall organizational risk tolerance. We need to be holistic in our approach as to how we're protecting our organization. This leverages the best breed of information security within a framework to provide comprehensive awareness of organizational security capabilities.


Within that context, there's a lot of pressure to make sure that we are protected. At San Juan, the information security department believes in operational resilience. The whole purpose of us being here is to empower our organization to be highly reliable through a collaborative persistence to secure our future. Thank you.