Ask the Experts
-
Understanding barriers to cyber resilience in healthcare
Cyber resilience is essential to ensure swift response and recovery from a cybersecurity incident, but it is a constant challenge for healthcare organizations. Continue Reading
-
What the LockBit ransomware gang’s return means for healthcare
An international law enforcement operation disrupted one of the most prolific ransomware groups, only for them to reemerge days later. Continue Reading
-
Exploring the Role of Identity and Access Management in Healthcare
Identity and access management is a crucial component of any healthcare organization’s security strategy. Continue Reading
-
Top Healthcare Cybersecurity Predictions For This Year
Industry experts predicted a focus on AI and supply chain security as ransomware continues to threaten healthcare cybersecurity in 2024. Continue Reading
-
How Digital Health Companies Navigate the Patchwork of State Data Privacy Laws
As new state-level data privacy laws go into effect, digital health companies will have to navigate unforeseen compliance complexities. Continue Reading
-
Navigating the SEC Cyber Incident Disclosure Rule, How It Impacts Healthcare
The Securities and Exchange Commission’s (SEC) cyber incident disclosure rule requires publicly traded companies to disclose material cyber incidents within four business days. Continue Reading
-
Why Are Healthcare Data Breaches So Expensive?
The complexity and volume of health data, paired with its status as a highly regulated critical infrastructure sector, make healthcare data breaches more expensive than those in other sectors. Continue Reading
-
Rural Healthcare Cybersecurity Aid Grows, But Challenges Persist
Rural healthcare cybersecurity has caught the attention of lawmakers as under-resourced hospitals grapple with complex security challenges. Continue Reading
-
What the US Cyber Trust Mark Means for IoT Security in Healthcare
The US Cyber Trust Mark would provide consumers with cybersecurity assurances for smart devices and could have implications for healthcare in the future. Continue Reading
-
How the Health3PT Council Addresses Third-Party Risk Management Woes
A coalition of healthcare CISOs makes up the Health 3rd Party Trust (Health3PT) Council, an organization dedicated to improving third-party risk management in healthcare. Continue Reading
-
How Providers Can Defend Against AI-Assisted Cyberattacks
Threat actors may leverage AI tools such as ChatGPT to accelerate healthcare cyberattacks and advance their goals of data exfiltration. Continue Reading
-
How Did This Happen? Understanding the Issue of Third-Party Tracking Tech in Healthcare
Third-party tracking tech on hospital websites has resulted in numerous data breaches in the past year, prompting questions about how this tech can be used in a compliant manner. Continue Reading
-
How FTC Enforcement Actions Will Impact Telehealth Data Privacy
Recent high-profile settlements against telehealth companies show that the FTC is willing to enforce its Health Breach Notification Rule and hold entities accountable for noncompliance. Continue Reading
-
Outdated Operating Systems Remain Key Medical Device Security Challenge
Support for Windows 8.1 ended in January, sparking conversations about how to manage risks associated with out-of-date operating systems and medical devices in the healthcare sector. Continue Reading
-
Tackling Third-Party Risk Management (TPRM) Challenges In Healthcare
Third-party risk management (TPRM) is a crucial component of any healthcare organization’s security and compliance programs. Continue Reading
-
How Sen. Warner Aims to Mitigate Healthcare Cybersecurity Risks Through Legislation
Senator Mark Warner spoke with HealthITSecurity about the healthcare cybersecurity challenges discussed in his recent policy options paper and how he plans to address them. Continue Reading
-
How An Independent Practice Recovered From a Third-Party Ransomware Attack
An NC-based family physician shares lessons learned after his independent practice was collateral damage in a third-party ransomware attack originating at a cloud provider. Continue Reading
-
How Northwell Health Runs Its Cybersecurity Training and Awareness Program
The New York health system uses a variety of tactics to keep its cybersecurity training and awareness program fresh and engaging for its entire workforce. Continue Reading
-
Top Free Resources For Improving Healthcare Cybersecurity
Regardless of size, structure, or budget, providers can leverage free or low-cost industry resources to improve healthcare cybersecurity. Continue Reading
-
3 Strategies for Healthcare Merger, Acquisition Cybersecurity Due Diligence
Assessing the target company’s cyber resiliency and establishing a list of non-negotiables are among the top strategies for conducting healthcare merger and acquisition cybersecurity due diligence. Continue Reading
-
How HITECH Recognized Security Practices Boost Healthcare Cybersecurity
The voluntary use of HITECH recognized security practices can help covered entities bolster their security postures and better protect themselves against top healthcare cybersecurity threats. Continue Reading
-
Top 3 HIPAA Compliance Challenges of This Year
A privacy expert breaks down the top HIPAA compliance challenges coming out of 2022, including the Dobbs decision, third-party risk, and the increasing interconnectedness of healthcare. Continue Reading
-
3 Ways to Avoid Repeat Healthcare Ransomware Attacks
Organizations can decrease their chances of becoming repeat healthcare ransomware attack victims by focusing on thorough remediation, ensuring vulnerability management, and learning from other victims. Continue Reading
-
Exploring Security, Privacy Team Roles in Healthcare Cyber Incident Response
It is crucial that security and privacy teams are on the same page throughout the healthcare cyber incident response process. Continue Reading
-
Ransomware Attack Has Varying Impacts Across CommonSpirit Facilities
CommonSpirit Health is still recovering from a ransomware attack that impacted multiple facilities across the health system. Continue Reading
-
White House Sets Sights on New Healthcare Cybersecurity Standards
Anne Neuberger said that the creation of additional healthcare cybersecurity standards and guidance would be an upcoming area of focus for the White House. Continue Reading
-
Key Ways to Manage the Legal Risks of a Healthcare Data Breach
Managing the legal risks of a healthcare data breach requires organizations to view risk holistically and collaborate with key stakeholders. Continue Reading
-
Experts Weigh in on Medical Device Security Exit from FDA User Fee Bill
Experts see the exclusion of medical device security from the FDA user fee reauthorization bill as a missed opportunity, but there is still optimism for future efforts. Continue Reading
-
What the American Data Privacy and Protection Act Could Mean For Health Data Privacy
If passed, the American Data Privacy and Protection Act (ADPPA) could have significant implications for health data privacy outside of HIPAA. Continue Reading
-
How Rural Hospitals Can Tackle Healthcare Cybersecurity Risks
Rural hospitals are up against the same healthcare cybersecurity risks as larger organizations but may have limited resources to combat them. Continue Reading
-
6 Healthcare Cybersecurity, Operational Strategies For Successful CISOs
Mastering effective communication, implementing a risk-based healthcare cybersecurity approach, and attracting top cyber talent are all parts of a CISO’s job description. Continue Reading
-
Top Mid-Year Healthcare Cybersecurity Trends
Experts share insights on this year’s healthcare cybersecurity trends, citing the continued prominence of ransomware and ongoing medical device security risks. Continue Reading
-
How New Federal, State Laws Impact Healthcare Data Privacy
HIPAA-covered entities must navigate HIPAA compliance along with recently introduced federal and state data privacy standards, creating significant challenges and complexity. Continue Reading
-
Exploring the Value, Limitations of Medical Device Security Legislation
Medical device security legislation such as the PATCH Act may revolutionize security standards in the future, but organizations need to act now to secure legacy systems and devices. Continue Reading
-
Exploring Challenges, Benefits of Cyber Insurance in Healthcare
Cyber insurance coverage can help healthcare organizations minimize losses in the wake of a data breach, but it does not replace the need for a comprehensive security strategy. Continue Reading
-
How Jefferson Health is Tackling the Cybersecurity Workforce Shortage
Jefferson Health is expanding its hiring scope and leaning on technology to manage the ongoing cybersecurity workforce shortage without sacrificing security. Continue Reading
-
Medical Device Security Requires Standards, Shared Responsibility
UL's global head of medical device security discusses the need for industry standards and shared responsibility to ensure security across the medical device supply chain. Continue Reading
-
AI in Healthcare Presents Need for Security, Privacy Standards
Duke, Mayo Clinic, and DLA Piper are teaming up to ensure that security, privacy, and safety are top-of-mind when implementing AI in healthcare. Continue Reading
-
How to Effectively Communicate Healthcare Cyber Risks to C-Suite Execs
To effectively communicate healthcare cyber risks to C-suite executives, cybersecurity professionals must translate technical jargon into business deliverables. Continue Reading
-
Importance of API Security in Healthcare Grows as Cyberattacks Increase
As more organizations rely on APIs to run critical functions, ensuring API security in healthcare is crucial to preventing cyberattacks. Continue Reading
-
Navigating The Highly Saturated Healthcare Cybersecurity Market
With a highly saturated healthcare cybersecurity market, healthcare organizations may find it difficult to choose vendors and make investment decisions. Continue Reading
-
As Adoption of Edge Computing in Healthcare Grows, So Do Security Needs
Edge computing in healthcare is growing alongside 5G, but organizations should expect to make big investments to ensure edge security. Continue Reading
-
Threat Actors Shift Tactics, Targets As Ransomware Evolves
As ransomware continues to evolve, threat actors are favoring double extortion, RaaS, and software vulnerability exploits. Continue Reading
-
Understanding the Risks, Complexity of Healthcare Cybersecurity
One emergency medical physician and health IT adviser shares insights on the growing cybersecurity challenges in healthcare today. Continue Reading
-
Sky Lakes Medical: A First-Hand Look at Fall Ransomware Attack, Recovery
Sky Lakes Medical Center was among the dozen healthcare providers caught up in the wave of ransomware attacks last fall. Its analyst shares a first-hand account of the incident and recovery. Continue Reading
-
What Happens After a Ransomware Attack in the Health IT Environment?
CyberMDX’s Ido Geffen takes a hard look at ransomware attacks within a healthcare environment, including what providers are getting wrong and needed security mitigations. Continue Reading
-
Could The SASE Model Move the Needle on Healthcare Cybersecurity?
The threat landscape is evolving faster than healthcare cybersecurity. AT&T Cybersecurity’s Rupesh Chokshi believes secure access service edge (SASE) might better support providers. Continue Reading
-
The Telehealth Security Impact: Now and Beyond the COVID-19 Pandemic
IEEE and Impact Advisor leaders share best practice policies for encryption, risk remediation, and security reviews to reduce possible telehealth security impacts beyond COVID-19. Continue Reading
-
Critical Infrastructure Attacks: Threat Landscape Forces Security to Evolve
Ongoing and recent outages at critical infrastructure entities highlight the sophistication and evolution of the threat landscape, driving the need for improved security posture in healthcare. Continue Reading
-
Healthcare’s Email Problem: Insider Threats, Data Retention, Phishing
Email is a crucial communication tool, but as insider threats remain the biggest risk, healthcare must address key problem areas like data retention and phishing defenses to reduce risks. Continue Reading
-
Report: Healthcare IoT, Devices Most Impacted by TCP/IP Vulnerabilities
Forescout’s ongoing TCP/IP vulnerability research shows that IoT and medical devices in healthcare face the greatest risk of exposure and attack. Continue Reading
-
Ransomware Hits Scripps Health, Disrupting Critical Care, Online Portal
Scripps Health is operating under EHR downtime and diverting some critical care after a ransomware attack over the weekend; a third-party incident, employee error, phishing, email hacks, and another Netgain victim complete this week’s breach roundup. Continue Reading
-
DNS Flaws in Millions of IoT Devices Pose Remote Attack, Exfiltration Risk
New Forescout research details Name:Wreck vulnerabilities found in millions of IoT devices, which could lead to hacking or remote code execution attacks. Continue Reading
-
Healthcare's Data Extortion Problem, and How to Prepare for Ransomware
Data extortion attempts are now occurring in at least 70 percent of all ransomware attacks. How can healthcare providers best combat these pervasive tactics? Continue Reading
-
COVID-19, Info Blocking Provisions: Time for HIPAA Compliance Checkup
ONC’s info blocking provisions went into effect on April 5, about one year from the COVID-19 national emergency declaration, stressing the need for a HIPAA compliance checkup. Continue Reading
-
Verkada Security Camera Hack Allows Access, Leak of Hospital Live Feeds
First reported by Bloomberg, the hack of Verkada allowed hackers to gain access to the live feeds of 150,000 security cameras, including those belonging to several hospitals and Tesla. Continue Reading
-
How to Mitigate COVID-19's Impact on Device Security and Patient Safety
Healthcare was already overextended in terms of security prior to COVID-19. Rapid device adoption is driving the need to mitigate security risks to patient safety. Continue Reading
-
Health CISO Shares Security Strategies for Ransomware, Enterprise Risks
IU Health CISO Mitch Parker recently shed light on the barrage of attacks facing healthcare and the need for developing security strategies to defeat enterprise risks, like ransomware. Continue Reading
-
How Automation Improved Identity, Access Management at Molina Health
Burdened by a slow onboarding process, Molina Health recently tackled its access management challenges by automating its identity governance program. Continue Reading
-
Netwalker Ransomware Site, Emotet Botnet Taken Down in Global Effort
Federal agencies took down two significant global cybercrime efforts: the Emotet botnet and the Netwalker ransomware hacking group’s dark web site used for communicating with victims. Continue Reading
-
Can Healthcare Shore Up Insider Threats, Transparency Needs in 2021?
The rise in attacks and healthcare security incidents at the end of 2020 makes it imperative to secure against insider threats, particularly as the need for transparency increases in response to COVID-19. Continue Reading
-
Biggest Healthcare Security Threats, Ransomware Trends into 2021
Much like the previous year, ransomware was one of the healthcare sector’s biggest cybersecurity threats seen in 2020, spotlighting the need for proactive measures. Continue Reading
-
UPDATE: Luxottica Data Leaked by Hackers After Ransomware Attack
Luxottica recently faced a ransomware attack and another hack on its appointment scheduling app. But the subsequent notice did not disclose the initial incident, nor that hackers leaked sensitive data. Continue Reading
-
Millions of Medical Images Exposed, as US Fails to Secure PACS Flaws
A year out from a shocking report that revealed massive PACS vulnerabilities were exposing millions of medical images and data, NNT shows the US has failed to secure those flaws. Continue Reading
-
Required Actions to Prevent Common Ransomware Exploits, Access Points
Healthcare is leaving out the proverbial welcome mat for hackers, failing to address key vulnerable endpoints, which later become top access points and exploits for ransomware attacks. Continue Reading
-
FDA Scoring Tool Update Adds Vulnerability Risk to Patient Safety
An update to the FDA Medical Device Development scoring tool takes into account how a medical device vulnerability would impact patient safety, improving transparent device security. Continue Reading
-
Ransomware Wave Hits Healthcare, as 3 Providers Report EHR Downtime
A joint alert from HHS, DHS CISA, and the FBI warns of an imminent wave of ransomware attacks, including Ryuk, as three providers deal with IT disruptions under EHR downtime. Continue Reading
-
Medical Device Security Stymied by Legacy Tech, Flawed Segmentation
Forescout’s Connected Medical Device Security report shows improved awareness in healthcare of network segmentation and legacy devices, but other security challenges remain. Continue Reading
-
Rapid Threat Evolution Spurs Crucial Healthcare Cybersecurity Needs
Ransomware, phishing, and human weaknesses are serious cyber risks to health IT infrastructure amid COVID-19, which makes it crucial to improve security to combat evolving threats. Continue Reading
-
Ensuring Transparency: Language to Avoid in HIPAA Breach Notifications
In the wake of a breach or ransomware, healthcare entities must be transparent with patients to protect privacy, prevent further crimes, and ensure compliance in HIPAA breach notifications. Continue Reading
-
Ransomware Spurs EHR Downtime at UHS Health System, 3 More Providers
Multiple hospitals owned by the Universal Health Services health system are experiencing EHR downtime due to a suspected ransomware attack, joining three other providers responding to “security events.” Continue Reading
-
Ransomware Hacking Groups Post Data from 5 Healthcare Entities
NetWalker, REvil, SunCrypt, and Pysa, or Mespinoza, ransomware hacking groups posted data allegedly stolen from five healthcare entities in recent weeks to blackmail them into paying the ransom. Continue Reading
-
Cyber Resilient Vendor Relationships for Healthcare’s Threat Landscape
A healthcare third-party vendor breach can have a devastating impact on multiple entities, which means it’s crucial to have cyber resilient vendor relationships to keep pace with these threats. Continue Reading
-
Healthcare’s Password Problem and The Need for Management, Vaults
Credential theft remains a prominent issue in healthcare. Given that many users habitually reuse passwords, the sector must improve its policies and management and consider employing password vaults. Continue Reading
-
Key Needs for a Resilient Healthcare Information Security Program
Impact Advisor’s Shefali Mookencherry examines the current threat landscape and the tools entities need to build a resilient healthcare information security program. Continue Reading
-
The Risk of Nation-State Hackers, Government-Controlled Health Data
Throughout the COVID-19 pandemic, an increasing amount of health data is being controlled and stored by the government. As nation-state hacking increases, the risks to privacy will follow. Continue Reading
-
How Zero Trust in Healthcare Can Keep Pace with the Threat Landscape
Hackers are outpacing healthcare in the overall cybersecurity race. Zero trust in healthcare can help stop attack proliferation, but it will be an uphill battle. Continue Reading
-
COVID-19 Cybersecurity: Building Resilience Beyond the Crisis
Visibility, network access management, and automation are crucial to securing the healthcare infrastructure and building resilience into it long after the COVID-19 pandemic ends. Continue Reading
-
The Key to Improving Medical Device Security is Collaboration, Visibility
Manufacturers, healthcare delivery organizations, policymakers, and even patients need collaboration to better understand and address medical device security risks and improve visibility. Continue Reading
-
Impact of Ripple20 Vulnerabilities on Healthcare IoT, Connected Devices
The healthcare sector is the most affected by a group of 19 critical vulnerabilities known as Ripple20, found in over 52,000 medical device models and with remote code execution possibilities. Continue Reading
-
Cloud Mitigation for Ransomware, as COVID-19 Spurs Cyberattacks
Providers are increasingly being targeted with cyberattacks and ransomware throughout COVID-19; edge-to-cloud security tactics could reduce the increased risk to the healthcare sector. Continue Reading
-
Breach of Telehealth App Babylon Health Raises Privacy Concerns
While Babylon Health is UK-based, its recent breach that allowed patients to view appointments of other patients raises a host of privacy concerns in light of telehealth expansion in the US. Continue Reading
-
COVID-19 Security: Reducing Risk of Temporary Hospitals, Remote Care
The rapid deployment of remote tech, telehealth, and temporary hospitals amid COVID-19 has significantly increased vulnerabilities in healthcare, which could have lasting impacts beyond the crisis. Continue Reading
-
External Threats Outpace Insider-Related Breaches in Healthcare
Verizon’s Data Breach Investigations Report finds external threats caused more healthcare data breaches than insiders last year, as the confirmed number of breaches substantially increased. Continue Reading
-
COVID-19 Contact Tracing Apps Spotlight Privacy, Security Rights
As tech giants like Microsoft, Google, and Apple move to craft the APIs behind COVID-19 contact tracing apps, privacy advocates rush to ensure the protection of privacy and cybersecurity rights. Continue Reading
-
Ransomware Success Declines Amid COVID-19, But Resurgence is Likely
While hackers have continued to target providers amid the pandemic, the number of successful attacks is in decline. But healthcare should plan now for the inevitable resurgence. Continue Reading
-
Critical VPN Security for Telehealth, Remote Access Amid COVID-19
In a recent Healthcare Strategies podcast, CynergisTek CEO and President Caleb Barlow sheds light on best practice tech and practices for telehealth and remote work during COVID-19. Continue Reading
-
Must-Have Telehealth, Remote Work Privacy and Security for COVID-19
COVID-19 has drastically increased the threat landscape for healthcare with the spike in telehealth and remote work; here are the must-have privacy and security needs during the pandemic. Continue Reading
-
Hackers Target WHO, COVID-19 Research Firm with Cyberattacks
Hackers unsuccessfully attempted to breach the network of WHO, while Maze ransomware hackers published sensitive data from a medical research firm on standby to work on a COVID-19 vaccine. Continue Reading
-
Best Practice Cybersecurity Methods for Remote Care, Patient Portals
Experian Health’s Jason Considine shares best practice cybersecurity methods, as providers potentially expose themselves to greater risk with the use of mobile and patient portals. Continue Reading
-
Vendor Management Needed in Light of NRC Health Ransomware Attack
CynergisTek’s David Holtzman dives into vendor management priorities for providers in light of recent third-party vendor breaches with potentially serious consequences, like the NRC Health ransomware attack. Continue Reading
-
Maze Ransomware Hackers Extorting Providers, Posting Stolen Health Data
Soon after the FBI warned that hackers are targeting private sector organizations to encrypt and steal data, Maze ransomware actors are now publicly extorting providers and posting stolen PHI. Continue Reading
-
Evaluating Cyber Readiness, Vulnerabilities with Pen Testing
Once a healthcare organization has built what it feels is a strong defense and security program, security leaders can look to third-party vendor penetration testing to evaluate its cyber readiness. Continue Reading
-
Key Elements for Secure Business Associate Agreements, Relationships
Impact Advisors’ Shefali Mookencherry dives into key elements for building secure business associate agreements and relationships that can protect the covered entity in the event of a data breach. Continue Reading
-
Cybersecurity Impact of Microsoft’s End to Windows 2007 Support
Microsoft is ending support for Windows 2007 and two legacy platforms on Jan 14, which CynergisTek’s Clyde Hewitt says will rapidly increase cybersecurity risks to the healthcare sector. Continue Reading
-
Could Patient Privacy Awareness Drive Health IT Innovation in 2020?
The Egress CEO shares how, as patients grow increasingly aware of their HIPAA privacy rights, providers are beginning to challenge legacy ways of tech delivery to drive health IT innovation. Continue Reading
-
Is Healthcare Prepared to Respond to Cyber Threats Beyond Ransomware?
DHS alerts on increasing cyber threats from Iran and healthcare struggles with ransomware reveal providers need better recovery plans to prepare for the next wave of cyberattacks. Continue Reading
-
How Does HIPAA Apply to Wearable Health Technology?
The use of wearable health technology is expected to expand substantially within the next few years. How do HIPAA security and privacy protections apply to wearables and the health data they collect and store? Continue Reading