In the aftermath of a ransomware attack several years ago, Hackensack Meridian Health embarked on transforming its cybersecurity program with the support of top leadership and increased funding and staff and by implementing critical security tools and best practices, said CISO Mark Johnson.
Healthcare organizations and makers of medical devices need to think about how to safeguard their critical medical gear against future cyberthreats, including the looming dangers posed by quantum computing, said Mike Nelson, global vice president of digital trust at security firm DigiCert.
The U.S. healthcare sector needs to closely watch government regulatory and legislative developments involving artificial intelligence, including the European Union AI Act, said Lee Kim, senior principal of cybersecurity and privacy at the Healthcare Information and Management Systems Society.
It's critical for hospitals and other firms to not only prepare for how they will respond to a cyberattack but also to consider the regional impact if a neighboring provider of services needed in the community is disrupted by a serious cyber incident, said Margie Zuk of Mitre.
Healthcare sector organizations need to focus their attention on meeting the "voluntary" essential and enhanced cybersecurity performance goals set out by federal regulators before they become potential mandates, said Kate Pierce, virtual information security officer at Fortified Heath Security.
The vast healthcare ecosystem disruption caused by the recent attack on Change Healthcare, which affected more than 100 of the company's IT products and services, underscores the concentrated cyber risk when a major vendor suffers a serious cyber incident, said Keith Fricke, partner at tw-Security.
The healthcare sector needs a 911-style cyber civil defense system that can help all segments of the industry, including under-resourced groups, to more rapidly and effectively respond to cyberattacks and related incidents, said Erik Decker, CISO of Intermountain Health and a federal cyber adviser.
The Department of Health and Human Services is working on grant programs and other financial programs to help under-resourced healthcare organizations deal with the cybersecurity challenges they're facing, said La Monte Yarborough, CISO and acting deputy CIO at HHS.
The Change Healthcare attack is already providing valuable lessons to healthcare firms - mostly about the importance of resilience, especially when it comes the industry's supply chain and third parties, said Nitin Natarajan, deputy director of the Cybersecurity and Infrastructure Security Agency.
Leaders in cybersecurity - and in any other business - need to keep a bank account filled with the trust and respect of their employees and make sure that account stays in the black, said Chase Cunningham, aka the Doctor of Zero Trust. He discussed his new book on how to be a good leader.
The Change Healthcare mega hack has taken nearly 120 of the company's IT products and services offline since Feb. 21, and that cyber disruption is having serious, widespread impact on the entire healthcare industry including major players, said attorney Sara Goldstein of the law firm BakerHostetler.
Your supply chain is your new attack surface, according to Galit Lubetzky Sharon, the co-founder and CEO of Wing Security. She discusses Wing's solution - Secure SaaS Posture Management, or SSPM - that helps organizations ensure that all of their SaaS apps are safe and compliant.
It's not just medical device cybersecurity that's keeping some healthcare security leaders up at night - it's also the risks posed by other critical connected gear that patients and clinicians depend upon, said Ali Youssef, director of medical device and emerging tech security at Henry Ford Health System.
CISO Sam Curry and CMO Red Curry discuss the chaos and disruption of cyberwar and how attacks on critical infrastructure can tactically help attackers in combat, demoralize the general population and affect critical capabilities at just the right point in time.
The Biden administration's strategy for bolstering health sector cybersecurity, which includes newly released voluntary cyber performance goals and plans to update the HIPAA Security Rule, is fueling uncertainty in some organizations, said privacy attorney Iliana Peters of law firm Polsinelli.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ransomware.databreachtoday.com, you agree to our use of cookies.