Panaceas, Shiny Objects and the Importance of Managing Risk in a Healthcare Environment – Part 2

Healthcare CIOs, CISOs, and other information risk management leaders face daunting challenges when it comes to deciding where to apply their limited resources to make the biggest difference in their organization’s cyber risk posture. As I mentioned in my previous post, healthcare security leaders can be tempted by shiny new objects – i.e., new security tools – that promise to be the panacea to their most pressing security problems. Cyber...

Read More

HIoT and Third Party Vendor Risk

The rising number of non-IT devices plugged in, or connected wirelessly, to hospital networks far overshadows the number of PCs, laptops and workstations in most facilities. What is more, most of these IoT devices have no security protections and cannot easily be patched. Medical devices are growing at 20% per annum and are often owned and managed outside of hospital IT and Security teams. No wonder then, that hospital CEOs are becoming concerned...

Read More

Panaceas, Shiny Objects and the Importance of Managing Risk in a Healthcare Environment – Part 1

You’re the CISO of a healthcare organization and you just sat through an amazing sales presentation by one of your security vendors. You are considering cutting a PO to purchase that new security tool. You’ve been thinking for some time about purchasing tools to close security gaps that you’re aware of and this particular tool appears to address a critical area of weakness in your information security program. At the same time, you’ve got...

Read More

Security Tools and SaaS

With between 45 and 65 different security vendors' tools in the average hospital CISO's tool box, healthcare providers need to make sure that third-party tools work well together and do not create unwanted complexity or introduce their own vulnerabilities. Smaller providers in particular should look to partner with service providers to procure and consume expert security services rather than continue to pour money into the management of in-house...

Read More

Shiny Objects

Security leaders all too often succumb to the distraction of a new shiny object that promises to be the panacea to all their security problems. Vendors encourage this line of thinking happy to make another sale and to have a new customer. What makes things worse is that a focus on CapEx budgets at most organizations to buy and implement more tools encourages this behavior when really an annual service may be a far cheaper, better, and faster...

Read More

Hacking Healthcare Live: Bits and Bytes Meet Flesh and Blood

Possibly one of the BEST EVER demos at RSA of all time for anyone in the medical space. Watch a live simulated medical device hack as an unsuspecting ER doctor faces the reality of practice in a brave new world of insecure technologies and vulnerable patients. Doctors Christian Dameff MD and Jeff Tully MD from the University of California Health System are joined by Josh Corman from I Am The Cavalry to demonstrate what can happen when a medical...

Read More

2018 Annual Cybersecurity Report

Cisco today released it's 2018 Annual Cybersecurity Report providing a freshly updated view into the current techniques that adversaries use to elude defenses and evade detection, along with insights and recommendations designed to help organizations and users defend against attacks. The report is based upon a study conducted by Cisco of 3600 Chief Information Security Officers (CISOs) and security industry leaders from 26 countries. This...

Read More

New Zealand Healthcare - Just Keeping its Head Above Water!

New Zealand Healthcare - Just keeping its head above water.  Photo: Hamish Clark. Securing the delivery of healthcare services in New Zealand faces many of the same challenges as in other mixed public / private health systems. Chronic under-funding of the public health system by government austerity measures is putting pressure on a system already overloaded. Net immigration to New Zealand is combining with a rapidly aging population that...

Read More

2017: A Milestone Year for UAE

The American Hospital Dubai. 2017 was a watershed year for healthcare providers in the United Arab Emirates. Joint ventures with US, UK, European and other healthcare partners saw the start or completion of a number of large hospital construction projects, vastly expanding the number of beds and types of procedures that can be conducted throughout the emirate. Partnerships with US-based Childrens' National Medical Center, The Cleveland Clinic,...

Read More

Beverly Hills Security Summit

Beverly Hills Security Summit CISO Forum. Photo: Tina Kitchen. What is it that keeps your CEO and Board up at night? How do you communicate cybersecurity risk to the Executive Leadership Team and the board, and do you talk to enterprise risk or just technology security risk? In planning to address ELT and board risk concerns, how are you going about the development of a security risk remediation plan? Have you considered the development...

Read More