Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa Bay news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Charlotte news in your inbox

Catch up on the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Rebecca Zisser / Axios

It's been a few months since the worldwide WannaCry ransomware attacks, and a month and a half since the NotPetya attacks that hit U.S. hospitals and the drug company Merck. The cyberattacks were bad enough to get the attention of the health care industry — and the rest of us — but not bad enough to force the industry to solve the underlying problems.

The bottom line: A cyberattack that takes down multiple hospital systems is "the thing that keeps me up at night," said Richard Staynings, principal and cybersecurity healthcare leader at Cisco. "I have no way of knowing the last time a patient received their medication … It essentially renders hospitals near useless."

Here's what's changed and what still hasn't, according to cybersecurity experts.

Changed:

  • Hospitals and other health care facilities have been reluctant to install security patches on devices that have to be available at all times, like CT scanners. But they're becoming more open to it "now that the risk equation has changed significantly," meaning it's clearly more dangerous to be vulnerable to an attack than to take a device offline, according to Staynings.
  • Hospital officials are generally more aware of the importance of cybersecurity. "I think they're interested — I'm not sure they understand what they should be doing," said David Damato, chief security officer at the cybersecurity startup Tanium.

Not changed:

  • Health care organizations still don't spend a lot on cybersecurity, compared to traditional priorities like doctors and researchers. "Health care is now an easy target compared to financial services," said Staynings.
  • It's an increasingly urgent issue as more and more software is added, especially at smaller facilities that don't have a lot of money to spend, said Bryan Sivak, a former chief technology officer at the Department of Health and Human Services.
  • Electronic health records are becoming a big worry. You don't want someone getting in and changing a patient's blood type, for example, or getting access to highly sensitive personal information about them.
  • Old or unpatched operating systems will always leave health care facilities vulnerable. "We've been talking about this for decades and are still running into the same problems," said Sivak.
  • Facilities have to learn to segment their networks, or divide them into subnetworks to make them more secure. (That's a tough task, though, if they don't have a lot of IT resources.)
  • Vendors have to be more willing to patch their medical devices — some don't want to change them for risk of losing their certifications from the Food and Drug Administration. And the FDA "has sat on the fence on this issue, quite frankly, for the last few years," said Staynings.

Go deeper

Biden's centrist words, liberal actions

Illustration: Sarah Grillo/Axios

President Biden talks like a soothing centrist. He promises to govern like a soothing centrist. But early moves show that he is keeping his promise to advance a liberal agenda.

Why it matters: Never before has a president done more by executive fiat in such a short period of time than Biden. And those specific actions, coupled with a push for a more progressive slate of regulators and advisers, look more like the Biden of the Democratic primary than the unity-and-restraint Biden of the general election.

14 mins ago - Technology

Review of Trump ban marks major turning point for Facebook

Photo Illustration: Aïda Amer/Axios. Photo: Saul Loeb/AFP via Getty Images

Facebook's decision to ask its new independent Oversight Board to review the company's indefinite suspension of former President Trump is likely to set a critical precedent for how the social media giant handles political speech from world leaders.

What they're saying: "I very much hope and can expect … that they will uphold our decision," Facebook's VP of global affairs Nick Clegg tells Axios.

Updated 23 mins ago - Politics & Policy

Biden to attempt "emergency economic relief" by executive order

President Biden. Photo: Mark Wilson/Getty Images

President Biden will continue his executive action blitz on Friday, issuing two more orders in an attempt to provide immediate relief to struggling families without waiting for Congress.

Why it matters: In his second full day in office, Biden is again resorting to executive actions as he tries to increase payments for nutritional assistance and protect workers' rights during the pandemic.