AI Paving the Way for New Healthcare Innovations

Posted on by Tim Boltz

With the boom of consumer facing artificial intelligence (AI) through Chat GPT and other tools, the discussion of AI applications within healthcare has also become a priority with exciting new developments. Pre-COVID, there was some hesitancy with telehealth, whereas now it has become a highly valued, main offering within the healthcare ecosystem. Similarly, AI is becoming a key mobilizer for improved patient outcomes and more efficient provider processes. Through the power of the cloud and supercomputing, AI is opening doors for transformational results throughout all aspects of healthcare including personalized medicine, medical research and trials, treatment efficacy and more. Once healthcare organizations better understand the benefits that AI unlocks for all stakeholders, they can take the next steps to apply it to their individual health networks.

Benefits of AI in Healthcare

Patients

The potential uses for AI in the medical field are endless and apply to all levels of healthcare with improvements for patients, healthcare providers and healthcare administrators. When organizations invest in AI, it decreases wait times for patients, optimizes appointment availabilities and increases overall access. AI can also interpret imaging and detect illnesses faster which minimizes treatment delays. Through wearable technology and personalized medicine, AI is enabling patients to gather health data and manage treatment from home. This customizable capability is especially valuable for rural or low-income patients to level out the social determinants of health and offer treatment through telehealth while saving on costs for all involved.

Medical Providers

AI can significantly reduce the administrative burden for medical providers by automating routine tasks and increasing bandwidth for front line staff to complete other medical duties. A hallmark capability for AI is analyzing data which it can aggregate from wide pools of information to suggest electronic health record (EHR)-based interventions, predict possible future patient ailments and offer a more unified, comprehensive picture. In a post-COVID-19 world, AI healthcare data applications offer the extremely relevant and desired ability of anticipating future public health crises through research and analytics. These AI forecasts can accelerate understanding for policy creation, reinforce healthcare resources and provide precision public health.

Healthcare Administrators

Applying for grants can be a time-consuming process, but with AI evaluating grant proposals, healthcare administrators can quickly identify which grants to apply for and which to pass. AI can also detect potential fraud cases. It is currently being implemented at the Centers for Medicare and Medicaid Services to make sure that applicable citizens receive the proper care and services they deserve, and by the Department of Health and Human Services to analyze counterfeit drugs to prevent fraud and preserve the efficacy of vital medications.^[1]

Making AI a Reality for Individual Healthcare Networks

With these groundbreaking benefits, instituting AI is a clear case. Currently about 98% of healthcare organizations have or are planning to implement an AI strategy.^[2] To make this a reality, healthcare organizations must focus on three main areas:

Understanding the technology capabilities, requirements and use applications
Educating providers and building trust with patients
Instituting privacy and security policies

Understanding what AI can do, which applications to pursue for individual hospitals’ use cases and what it takes to operate the technology, needs to be a collaborative effort between all levels of a hospital system. Many clinicians are burned out and looking for tools that will ease their burden while also improving care. Through proactive conversations with medical providers and C-suite stakeholders, CIOs and management can present the investment benefits and ultimately increase full system buy-in and ability to scale effectively and efficiently.

Educating medical ecosystems and patients with the digital skills and knowledge to utilize the technology resources is also important for proper usage and increased adoption. Once providers understand the potential of AI and the practical ways it can improve their workflows, they can be confident in using the tools and clearly articulating the information to patients. Trust is a huge component of thriving, effective care. Clearly presented information establishes that rapport with patients and clinicians. Overall, training re-establishes for providers and administrators the priorities of patient safety, professional accountability and protection from reputational, legal and financial risk to ensure that the AI technology is used responsibly. Through proper education, patients also feel empowered with how AI is being implemented in their care and the commitment of their medical team to pursue the safest and best outcomes.

The last key element to establishing the use of AI in healthcare and maximizing its benefits is keeping privacy and security top of mind. Hospital management need to consider what policies and procedures they will institute to protect patients’ data and prevent bad actors from exposing personal information or disrupting care. Data integrity is also vital to keep AI algorithms’ predictions and assessments accurate. Healthcare network administrators will need to evaluate the best method to securely store that data whether through a cloud provider or building encrypted data storage on premises using private AI with an internal high computing platform specific to the individual hospital. These management policies and governance frameworks will not only offer standardization, they will also help build trust with patients while providing enough flexibility for AI innovation and growth.

Ultimately the partnership of AI with medical experts enables the perfect balance to deliver rapid, actionable insights and improvements while humans manage the usage of the technology to ensure quality care for each medical case. The future of healthcare is patients being able to take greater ownership of their health through aggregating additional data and applying AI to achieve better treatments. Providers and staff will be able to maximize their time through AI optimizations and provide more proactive care based on AI predictions. These advancements will revolutionize the healthcare industry as we know it and pave the way for a healthier society. Some are calling AI the next quantum leap in technology, and healthcare should be at the forefront of leveraging the resources to drive improvement, accelerate innovation and save lives.

To learn more about how Carahsoft is enabling healthcare organizations to achieve technology innovations such as AI, visit our Healthcare Technology and AI and Machine Learning solutions portfolios and speak to a representative who can help meet your solution needs today.

Resources:

[1] “HHS CIO Karl Mathias Details 3 Promising Applications of AI in Health Care Sector,” GovConWire, https://www.govconwire.com/2023/05/hhs-cio-karl-mathias-details-3-promising-applications-of-ai-in-healthcare/

[2] “AI Survey: Health Care Organizations Continue to Adopt Artificial Intelligence to Help Achieve Better, More Equitable and Affordable Patient Outcomes,” Optum, https://www.optum.com/about-us/news/page.hub.ai-survey-health-care-organizations-adopt-artificial-intelligence.html

Transitioning Towards a Sustainable Healthcare Mindset at DHITS 2023

Posted on by Mike McCalip

Since the Defense Health Agency (DHA) oversees the entire military health system, it knows how important it is for members of the military and their doctors to be able to access medical records quickly and universally. In August 2023, the DHA hosted the Defense Health Information Technology Symposium (DHITS) where military health system (MHS) stakeholders discussed its newest asset– the Military Health System (MHS) Genesis. With the creation of this universal health record database, military members’ health records can easily be accessed, whether they are active-duty or not. Currently being rolled out in waves, the MHS Genesis plans to expand health records accessibility between different military branches.

Benefits from MHS Genesis

While still new, the MHS Genesis already shows improvements in several areas which include:

Enterprise and Cultural Interoperability: Some doctors may have different views or standards than others. This universal system makes patient files easily accessible to any doctor, regardless of military branch or practice. Now, the IT systems and Electronic Health Records (EHR) work together seamlessly. Different military branches will be able to use the same uniform system when it comes to accessing patient files and records, making the job easier for both patients and doctors.
Patient-Centric Care: With the MHS Genesis technology enhancements, it is now easier than ever to meet patients at their home on a Tuesday through telehealth. Telehealth is especially important within the military to give patients flexibility in choosing appointments as well as requesting information or gaining access to their medical records.
System and Process Automation: Medical professionals struggle with the global constraint of time. The MHS enables providers to automate tasks, saving time on things like paperwork and allowing for more one-on-one patient care.

Next Steps for the MHS

Currently, the entire DoD is at an 86% implementation rate for the MHS Genesis. It is actively being used in all DHA locations in the U.S. with plans to incorporate the universal health record system into the remaining treatment facilities outside of the United States by the end of 2023.

As leaders within the MHS continue their journey into modernization and sustainability, it is important that they equip people with the right knowledge and skills to be able to deliver their future vision of what military medicine should look like. The number one purpose of this emerging technology is to ensure the medical readiness of the military. The MHS Genesis will help guarantee that this stays a top priority, as it creates better access to information and helps deliver that information to the decision makers. Using Artificial Intelligence (AI) in medical settings is an exciting development that will help with diagnosing, personal assistants, risk analysis, forecasting and more. Through AI support, doctors will be able to spend more time on their patients and less time on large amounts of paperwork.

While the implementation of the MHS Genesis has been a success, all branches of the DoD must continue to communicate and collaborate openly and effectively. They must also involve other stakeholders by breaking down data silos and sharing freely what does and does not work in an enterprise setting. This will ultimately help with addressing public health challenges, ethically using AI in a medical setting, cybersecurity and more.

The MHS journey coincides with changing the deployment approach to a “sustainment” mentality. A sustainment mindset involves focusing on:

Optimization of user experience: Seeking feedback and continuing to adjust the technology to enhance user experience
Scalability: Scaling the success and implementing the changes across the enterprise if success is found with one configuration setup
Standardization: Creating a standard vocabulary and process for enterprise usage, so people communicate with the same terminology across the MHS

At the end of the day, the most important thing is that patients receive the care they need. Through the MHS Genesis and the IT solutions discussed at DHITS, the MHS hopes to greatly boost patient experiences, increase trust in the military health system, reduce healthcare provider burnout and give patients and clinicians access to data in real-time.

Visit Carahsoft’s Department of Defense and Healthcare solutions portfolios to learn more about DHITS 2023 and how Carahsoft can support your organization in these critical marketplaces.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at DHITS 2023.*

7 Key Takeaways from HIMSS23

Posted on by Tim Boltz

In April, over 40,000 global health professionals converged in Chicago for the highly anticipated HIMSS23 Global Health Conference & Exhibition. Over the course of five days, healthcare, government and technology leaders discussed everything from wearable medical devices and artificial intelligence (AI) to cybersecurity and compliance. Here are some highlights and key themes from the conference.

Change is happening quickly: The buzz around ChatGPT offers a perfect illustration of just how quickly AI has become part of our everyday lives. There are many applications for AI in the healthcare space as well. In procedure rooms, cameras with AI can ensure processes are being followed, and thereby helping avoid malpractice. One key question circulating at the conference was: how can regulations be put in place to protect patients and practitioners’ privacy as this new technology starts to be implemented?

The cloud is here to stay: Underpinning many new technologies is the cloud. As more healthcare organizations use hybrid and multi-cloud environments, compliance becomes increasingly complicated and important. This is particularly true considering regulations and data protection laws are constantly changing. One benefit is there is a lot of overlap between compliance requirements. Looking for these common requirements (i.e. encrypting sensitive data) can help organizations navigate the seemingly complex world of compliance.

Data presents a paradox: Data holds tremendous potential to transform healthcare operations, but the promise of data-informed decision-making must be balanced with both the data overload felt by those on the front lines, and the preservation of patient privacy. Electronic health records (EHRs) have made the lives of doctors and nurses easier in many ways, but they have also required workers to document much more granular information to meet regulation and reimbursement requirements. As such, many workers are skeptical of health IT’s ability to alleviate burnout. Integrating data into the culture of the organization is the best way to ensure everyone is capturing the proper data and maximizing new technology investments.

Pursue interoperability: Not just having the data, but sharing that information is also crucial. By improving access to clinical data across institutions, we can discover new therapies, lower medical costs and improve patient care; however, interoperability also requires compliance and due diligence. At HIMSS23, panelists from the National Institute of Standards and Technology (NIST) described how next-generation database access control can facilitate data-sharing without moving large volumes of data. This promotes interoperability while preserving local protection policies. Additionally, panelists from the Centers for Medicare and Medicaid Services (CMS) emphasized the importance of Fast Healthcare Interoperability Resources (FHIR) standards.

Care is expanding beyond hospital walls: Increasingly, wearable technology is becoming a staple of healthcare, as it can help with monitoring everything from glucose levels to physical activity, in addition to supporting weight control and disease prevention. More than anything, wearables offer the opportunity to continue patient care outside the walls of the hospital, which reduces the cost of care. The data collected by wearable technology holds tremendous potential for analysis at both a patient level and the population level.

Cybersecurity must be top-of-mind: While wearables have many benefits, they must be used with cybersecurity in mind. A continuous glucose monitor that connects to the internet and patient portal, for example, could put all patient data at risk if the device is compromised. That’s why an Institute of Electrical Engineers (IEEE) working group has developed a framework with Trust, Identity, Privacy, Protection, Safety, Security principles (TIPPSS) for keeping devices with sensors safe. The goal is to make TIPPSS the standard for clinical Internet of Things (IoT) devices first, then for other solutions.

Privacy: Patient privacy was also a leading theme at HIMSS23. When working with AI, algorithms must be trained on large volumes of data. At the conference, panelists discussed how healthcare providers and tech companies can balance using this protected health information (PHI) to improve AI while still adhering to privacy laws like HIPAA. Data de-identification is one approach to get the most out of large volumes of data while maintaining patient privacy.

Overall a common thread throughout HIMSS23 was balance. Healthcare providers and tech companies must balance the promises of technology with due diligence, while working in partnership to develop innovative solutions. From data standards to data privacy, it is crucial to collaborate with the government to lay the right foundation for using these cutting-edge technologies.

Visit our Healthcare Solutions Portfolio to learn more about HIMSS 2023 and how Carahsoft can support your organization’s healthcare technology goals and initiatives.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at HIMSS 2023.*

Ransomware in Healthcare and Utilities

Posted on by Alex Whitworth

The past two years have seen relentless cyberattacks employed by hostile nations to disrupt American security, public health and the economy. The current U.S. administration has announced its emphasis on fighting ransomware particularly within these critical infrastructures. New regulations are underway for 4 of the 16 sectors including healthcare and water, which is a part of the utilities sector.^[¹^]In anticipation of the coming changes, here is a look into the current state of ransomware in healthcare and utilities, both of which have experienced some of the worst cyberattacks in recent years. By understanding the challenges in these fields, IT administrators can work to evaluate their individual organizational cybersecurity status and start to resolve issues before the enforcement of the new regulations begin.

USE CASE: HEALTHCARE

Unlike ransomware attacks on other sectors, cyberattacks within healthcare are threat-to-life crimes instead of economic crimes because they impede hospital operations and critical patient care. Ransomware attacks by foreign cybercriminals on hospitals are analogous to military strikes against healthcare facilities, which violate international warfare laws. Because of this, it is not only an IT system concern but a healthcare-wide risk that must be addressed with grave importance.

Recent Attacks

In 2020, Universal Health Services network was hacked by the Ryuk variant of ransomware resulting in all its IT systems shutting down and operations stopping at 250 hospitals. According to a Department of Health and Human Services (HHS) report, the incident ultimately cost $67 million in lost revenue and recovery although $26 million was covered by cyber insurance.^[²^]

The devastating ransomware attack against Scripps Health in May 2021 cost the company $112.7 million with over a month of cleanup and extensive revenue loss. ^[²^] In light of this rise in attacks, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA) and HHS all issued admonitions that hospitals and health systems be on alert and strengthen their ransomware protection and emergency plans.^[³^]

Impact

On average, the HHS reported that each healthcare cyberattack cost $10.10 million including the ransom, business loss and remediation costs, ranking it as the most expensive sector for cyberattacks across all industries.^[⁴^]This is 41.6% higher than in 2020.^[²^] Often, criminals target the healthcare sector because of the quantity and sensitivity of data available. Hospitals are also particularly susceptible due to the complexity of the IT infrastructure, 24/7 operations and the strong repercussions to the reputation of the organization, making them more likely to pay the ransom if an attack happens. Many healthcare organizations also employ a lot of legacy equipment and software as well as perform extensive amounts of file-sharing with many vulnerable endpoints. These areas are a security concern but some of these older systems are also imperative for regular operations and certain medical software to run.^[⁴^]

In addition to the immediate disturbance of operations, all of these hacks expose millions of patient records. For the general population, these healthcare breaches have tripled in their impact between 2018 and 2021, with 14 million people affected to now over 45 million. According to the HHS, healthcare institutions faced 373 ransomware attacks from January to July 2022.^[²^] Cyber disruptions’ impact through delayed care in areas with poorer healthcare is magnified even more. Northwell Health’s Senior Vice President and Chief Quality Officer Mark Jarrett says: “Clinicians in general tend to think of this as an information technology issue, and it really isn’t. It’s a patient safety issue.”^[⁵^]

Post-Attack Measures

Because of the unfortunate success of ransomware within healthcare, many institutions are seeking cyber insurance to offset the cost. The high number of incidents, however, has made it more difficult to obtain coverage until substantial cyber security defenses are in place.^[⁶^]While 79% of healthcare organizations possess cyber insurance, nearly all of them have had to improve their cybersecurity strategies to maintain coverage including incorporating new technologies, more employee training and other system process changes.^[⁶^]

The Censinet and the Ponemon Institute report, “The Impact of Ransomware on Healthcare During COVID-19 and Beyond,” noted that most healthcare institutions budget 3-4% of IT spending towards cybersecurity while financial firms spend an average of 6-14% to combat cybercrimes.^[⁷^] When healthcare systems invest in more cyber defenses, the overall impact of ransomware is dramatically lessened. For institutions with fully deployed cyber security measures, an IMB Security’s annual breach report discovered a 65.2% reduction in average breach cost and 74-day shorter detection and containment cycle versus companies without. This decreased the cost from $6.20 million to $3.15 million for those with security and a breach lifecycle of 323 days down to 249.^[²^]These results speak to the importance of implementing comprehensive cybersecurity protection and remediation tools in the healthcare sector.

USE CASE: UTILITIES

Similar to healthcare, ransomware attacks to the utilities sector are not just costly and inconvenient, they also impede critical infrastructure and have a wide impact radius to public health, safety and the companies’ bottom line. Utilities also underscore every aspect of daily life through electricity, oil, water and natural gas.

Recent Attacks

In May 2021, the Colonial Pipeline attack brought ransomware in utilities to the forefront of the public eye. The incident affected 45% of the fuel supply used on the U.S. East Coast, which generated a steep price increase and public panic.^[⁸^] Within two hours of access, the cyber criminals immobilized 100GB of critical data. As a result, the 5,500-mile pipeline system was closed for six days until the company paid $4.4 million in cryptocurrency as ransom. Reuters lists this cyber event as the most disruptive ransomware attack on record.^[⁹^]

Following the Colonial Pipeline hack, Congress issued a strong cybersecurity measure requiring critical infrastructure organizations to report an attack in three days and any payment of the ransom within one day. The goal is to increase information sharing and better equip the government to assist in these situations.^[¹⁰^]

Another large cyberattack in 2021 occurred in Florida when cybercriminals infiltrated the water treatment facility’s network through dormant software and spiked the sodium hydroxide level to 100 times its usual amount. Although the attack was detected and neutralized, the event unveiled a huge vulnerability in U.S. water systems due to minimal IT budgets, staffing shortages causing maintenance delays, outdated cybersecurity systems and other factors, making it easier for cybercriminals to breach the system unnoticed. Shortly after the news of the Florida water hack, three additional water treatment plant attacks across the country that had not been reported came to the surface.^[¹¹^]Research indicates that this situation represents a consistent trend. Although large attacks on well-known businesses are often featured more in the news, small businesses experience more ransomware attacks but they commonly go unreported.^[¹²^] The limited resources available often make smaller local government and enterprises a preferred target for ransomware because it is more difficult for them to recover from an attack, thus making them more likely to pay the ransom quickly.^[¹³^]

Impact

These major attacks in 2021 followed an already heightened evaluation of utilities’ security due to Executive Order 13636, which initiated the National Institute of Standards and Technology (NIST) Cyber Security Framework of 2014,^[^14a^] and the America’s Water Infrastructure Act of 2018,^[^14b^] which required water systems threat risk and resilience assessments to be completed between March 2020 and June 2021.

Post-Attack Measures

Utilities companies often rely on a data backup strategy that replicates the system to a second data center if the primary server fails. This setup works well for natural disasters, but companies must be aware that the infection can also be duplicated on non-segmented backup copies which hackers prioritize attacking as well.

Within the electric power sector, operational technology (OT) is widely spread across data centers’ locations and connected through dedicated cables which allows additional control over networking. This however, increases the attack surface and restricts the network’s ability to adapt and reroute traffic to another safe location in the event of a cyberattack, because the system is hardwired to be isolated.^[¹⁵^] Companies must be careful not to assume the direct lines would be inherently secure and should continue to conduct system monitoring especially as these networks start connecting to other systems. In addition to geographical and system complexities, many utility organizations also have decentralized cybersecurity leadership, which can contribute to post-attack confusion and a lack of clarity on the recovery plan.^[¹⁶^]

While demonstrating the return on investment (ROI) of cybersecurity strategies can be a challenge until an attack has occurred, experts highlight the value of these measures by pointing out the impact that a compromised system can have on a company and the general public.^[⁹^] With cybersecurity, success is ultimately demonstrated by the absence of cyber incidents. In the past, this led to a reluctance to invest in necessary cyber measures; however, this awareness is shifting as more companies are joining the initiative to secure their systems and networks.

In July 2022, national security advisors announced additional cybersecurity requirements will be instituted soon by the Environmental Protection Agency (EPA) to defend national water systems from hackers.^[¹⁷^] To prepare for these new guidelines, companies within the utilities sector must evaluate their systems and work to improve their defenses and recovery plans now in the face of ransomware attacks.

LOOKING AHEAD

Critical infrastructure across the country has been overwhelmed by the influx of ransomware and data breaches. Looking at the data projections for the coming years reveals that these intrusions will continue to grow at an alarming rate. While legislation develops to address the current cybersecurity gaps, sectors like healthcare and utilities must actively take initiative to address system weaknesses and make it more difficult for cybercriminals to infiltrate. Investing in the necessary changes and updates is crucial for U.S. critical infrastructure organizations before their individual institutions become the next target. Now more than ever is the time to modernize infrastructure, get ahead of cyber requirements and build resilience against the threat landscape.

Learn about steps to address these cybersecurity concerns whether in healthcare and utilities or across all sectors in our Ransomware Security Strategies Blog. Find our full Ransomware Series here.

Resources

[1] “FACT SHEET: Biden-⁠Harris Administration Delivers on Strengthening America’s Cybersecurity,” The White House, https://www.whitehouse.gov/briefing-room/statements-releases/2022/10/11/fact-sheet-biden-harris-administration-delivers-on-strengthening-americas-cybersecurity/

[2] “Healthcare data breach costs reach record high at $10M per attack: IBM report,” Fierce Healthcare, https://www.fiercehealthcare.com/health-tech/healthcare-data-breach-costs-reach-record-high-10m-attack-ibm-report

[3] “Ransomware attacks on hospitals could soon surge, FBI warns,” CNET, https://www.cnet.com/news/privacy/fbi-warns-imminent-wave-of-ransomware-attacks-hitting-hospitals/

[4] “Ransomware 101 For Healthcare,” Forbes, https://www.forbes.com/sites/forbestechcouncil/2022/08/16/ransomware-101-for-healthcare/?sh=3bb3ca785b86

[5] “The pandemic revealed the health risks of hospital ransomware attacks,” The Verge, https://www.theverge.com/2021/8/19/22632378/pandemic-ransomware-health-risks

[7] “Ransomware in healthcare: it’s a matter of life and death,” NTT, https://services.global.ntt/en-us/insights/blog/ransomware-in-healthcare

[8] “Everything You Need to Know About Ransomware,” Ransomware.org, https://ransomware.org/

[9] “Ransomware Attacks in the Energy Industry,” CDW, https://www.cdw.com/content/cdw/en/articles/security/ransomware-attacks-energy-industry.html

[11] “The Critical Need to Protect Critical Infrastructure: Spotlight on Utilities,” Spy Cloud, https://spycloud.com/protect-critical-infrastructure-utilities-ransomware-ato/

[12] “How Utilities Can Reduce the Risk of Ransomware Attacks,” Energy Central, https://energycentral.com/c/pip/how-utilities-can-reduce-risk-ransomware-attacks

[13] “Ransomware Hits U.S. Electric Utility,” Trend Micro, https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-hits-u-s-electric-utility

[14a] “NIST Releases Cybersecurity Framework Version 1.0,” NIST, https://www.nist.gov/news-events/news/2014/02/nist-releases-cybersecurity-framework-version-10#:~:text=In%20February%202013%2C%20President%20Obama,help%20organizations%20manage%20cyber%20risks

[14b] “What Does the New American’s Water Infrastructure Act (AWAI) of 2018 Mean to You?” Crawford, Murphy & Tilly, Inc., https://www.cmtengr.com/2019/08/20/americans-water-infrastructure-act/

[15] “How energy and utility companies can recover from ransomware and other disasters using infrastructure as code on AWS,” AWS, https://aws.amazon.com/blogs/industries/how-energy-and-utility-companies-can-recover-from-ransomware-and-other-disasters-using-iac-on-aws/

[16] “Ransomware and Energy and Utilities,” AT&T Business https://cybersecurity.att.com/blogs/security-essentials/ransomware-and-energy-and-utilities

[17] “White House Official: EPA to Issue Cybersecurity Rule for Water Facilities,” Nextgov, https://www.nextgov.com/cybersecurity/2022/07/epa-issue-cybersecurity-rule-water-facilities-white-house-official/375098/

Infographic Resources:

[6] “The State of Ransomware in Healthcare 2022,” Sophos, https://news.sophos.com/en-us/2022/06/01/the-state-of-ransomware-in-healthcare-2022/

[10] “Looking Back at the Colonial Pipeline Ransomware Incident,” Government Technology, https://www.govtech.com/blogs/lohrmann-on-cybersecurity/looking-back-at-the-colonial-pipeline-ransomware-incident

“The 2021 Ransomware Risk Pulse: Energy Sector,” Black Kite, https://blackkite.com/wp-content/uploads/2021/09/The-2021-Ransomware-Risk-Pulse-_-Energy-Sector.pdf