The best thing Rodney Graves can hear is nothing’s happening. It’s a funny thing to hear from a chief information security officer (CISO) who is relentless in his own development and spends his limited free time—a father of three whom all have busy schedules of their own—taking the occasional strike to the face as a Muay Thai boxing enthusiast.
But it’s true.
“We build strategy and invest resources around making sure nothing happens, which makes ROI a little challenging to defend at times,” Graves says. “It’s a 24/7 job to keep this health system secure and supported, so a quiet, uneventful week is worth toasting.”
But nothing happening doesn’t mean malicious actors aren’t actively plotting cyberattacks against institutions like Greater Baltimore Medical Center (GBMC), where he first joined as a network engineer in 2015. To Graves, it just means the attack isn’t an immediate crisis.
As any good cybersecurity expert will tell you, it’s just a matter of time. For GBMC, that time came in December 2020, when he was a cybersecurity specialist. Following the ransomware incident and Graves’ leadership navigating it, he was immediately promoted to cybersecurity manager and then into his current CISO role in January 2023.
In 2020, Graves was unaware his performance would earn him repeated promotions. He just knew the day he had been dreading was finally here.
“All systems were down,” he remembers with a shudder. “It was Christmas time. The COVID-19 pandemic already had stress levels high. The attackers were able to impact systems at the roots of our infrastructure, so we had to rebuild everything from scratch.”
A ransomware attack is a catastrophic event for any organization, but Graves knew systems being down meant the health system’s most vulnerable patients were at risk. Every second counted. His team was communicating with various ransomware recovery specialists, the FBI, the State of Maryland, GBMC’s CEO, and the insurance company. Everyone told him the same thing: this would be a marathon, not a sprint.
“Imagine the conflict we were feeling,” he remembers. “In one sense, we heard the advice and understood the reasons behind pacing ourselves during the recovery period. We wanted to recover in a way that would prepare our systems for potential future attacks and were conscious of the impact burnout would play, but every minute we were concerned about the lives that were being impacted.”
Graves’s team was able to get GBMC’s fetal monitoring system back online in what felt like an eternity of two-and-a-half weeks, working without stopping for the bulk of that time. He remembers multiple people shedding tears when the system was restored, knowing nurses had been doing nonstop rounds to ensure the health and safety of newborns.
But there was no time to celebrate. His team had to immediately pivot to getting the system’s cancer readout system back online, knowing people had been without desperately needed test results for weeks.
It’s no surprise Graves still feels a significant amount of anxiety when reflecting on the 2020 ransomware attack. Despite the event, the CISO says there were positive aspects. The IT team came back stronger than ever with more flexibility and prioritization when it comes to protecting systems.
The department was also able to expand, but since the attack, 85 percent of his original team remains intact. “We had and continue to have a very strong team,” Graves explains. “Everyone worked with so much dedication, it was inspiring to be part of, even in the midst of such a challenging situation.”
Along with its internal team, GBMC was able to partner with, and receive crucial contributions during the recovery from security specialists such as CDI.
“At CDI, we take pride in our trusted relationships with businesses like GBMC HealthCare,” says Felix Vargas, chief technology officer for security at CDI. “The healthcare industry is facing increasing threats from cybercrime, and we understand the critical importance of protecting sensitive data and ensuring the continuity of healthcare providers’ operations. CDI employs cutting-edge technologies and a team of highly skilled professionals to counter the rising tide of cyberthreats, enabling providers to focus on delivering essential care with peace of mind.”
In his new role, Graves sees the pre- and post-2020 cybersecurity environment at GBMC as two different worlds. In one, he had to continually be the advocate for more resources. In the other, he feels empowered to continually offer new education to employees, stress cyber initiatives, and get more leeway because more people understand the minor inconvenience of a system needing an update versus the complete shutdown of its entire system.
“We now have the ear of the organization,” he says. “We have multiple committees dedicated to recovery/downtime preparation, and another committee providing monthly cybersecurity education. As you can expect, our audience is a lot more receptive.”
Graves credits his continued love and appreciation for martial arts for not only getting him through 2020, but also making him a better leader. The CISO started first with Tai Chi, slow and intentional movements to promote breathwork and mindfulness. And then there is his true love, Muay Thai kickboxing. He even traveled to Singapore to train at a legendary gym. The rapid-fire kicks and punches are how he looks forward to tiring out his body every day.
Those two disciplines perfectly illustrate the ideology of Rodney Graves. Meditative and thoughtful while being able to spring into an all-out offensive when called upon. Graves isn’t hoping for another worst-case scenario, but he will certainly be ready for when the time comes.
CDI Healthcare delivers robust digital solutions for the healthcare industry. Utilizing collective expertise across CDI’s diverse pillars, the industry-specific segment of CDI offers best-in-class solutions for intelligent operations, automation, and DevOps with the aim to enhance the effective management and operation of healthcare systems. CDI Healthcare combines infrastructure optimization, elite security solutions, and industry-leading penetration testing to ensure high performance and secure data management, whether on-premises or in the cloud. With a proven record in healthcare applications, VDI, cybersecurity and resiliency, automation, and DevOps, CDI Healthcare helps clients achieve cost savings and compliance relief, driving value and managing risk.