The Maturity Paradigm

In healthcare we have an insatiable appetite to adopt new technology

Should we be worried about state-sponsored cyber-attacks against hospitals?

We ABSOLUTELY should! For the past decade and a half, the criminal underworld, Russian Mafia and other organized crime syndicates in the former Soviet Union have provided a constant reminder of both the fallibility of modern IT systems and the tenacious expertise of Russian hackers and their cyber-criminal community. In what now seems like background white noise, these highly organized perpetrators have executed a near constant campaign of cyber-theft,...

Podcast: A Career in Cybersecurity

What is 'Cybersecurity', why is it so important today, and why do developed western societies need better cyber protection? Join Denver University Adjunct Professor and Chief Security Strategist for Cylera, Richard Staynings, as he describes the risks, rewards and opportunities for those seeking a career in this rapidly growing field. ...

Pueblo Community College Cybersecurity Lecture

It was great to present to the students and faculty of Pueblo Community College in southern Colorado this past week. The opportunities for those entering the profession from ICT cybersecurity and Healthcare programs like those at PCC are tremendous. My thanks to the faculty for organizing such a great event and to Mike Archuleta, CIO at nearby Mt San Rafael Hospital and fellow Health Informatics and Cybersecurity Luminary who also presented...

Challenges for 21st Century Healthcare

Healthcare currently faces many unique challenges. It is an industry currently undergoing the most dramatic transformation in its history. Covid-19 ravaged hospital finances and forced providers to pivot from lucrative consults and elective surgeries to pandemic emergency care. This in turn led to the need for another (long overdue) pivot towards telehealth, telemedicine and remote health services as patients were told to avoid hospitals. And of...

The New Reality of Securing Healthcare

Securing healthcare has never been either easy or straightforward given the patient safety dynamic of the industry, but after nearly two years of dealing with the global COVID pandemic, that challenge is now a whole lot harder. COVID19 caused a massive and immediate pivot across healthcare as patient consults were forced to go online via telehealth and telemedicine. At the same time non-clinical healthcare workers were sent away from hospitals...

Securing Healthcare in a Post-Covid World

Plainly COVID has changed the paradigm of global healthcare delivery. The industry was forced to pivot quickly to a new and alarming reality and make changes that were necessary but largely unplanned. The pandemic brought about the greatest change to Healthcare technology and working practices ever seen outside of war. COVID forced us to quickly provide new forms of remote delivery of healthcare services to our patients via telehealth, telemedicine...

Securing Patient Data, Ensuring Privacy, and Building Trust

With thousands of new medical devices and healthcare applications being designed and developed each year it's no wonder that hospitals have such a hard time securing them against cyber attack. With new innovative technologies that improve patient care and clinical outcomes there are many costs and concerns. Integration with other HIT and HIoT systems to accomplish true interoperability becomes increasingly difficult with legacy undocumented...

The Challenge of Securing Healthcare

What are the biggest challenges facing healthcare security leaders today and how do leaders navigate the almost insurmountable obstacles placed in their way? How can we overcome a long list of clinical, financial, operational, and technology risks to secure patient safety and ensure greater operational resiliency for healthcare services? Join me for an in-depth panel discussion on the challenges and opportunities that healthcare cybersecurity leaders are presented with today. Speakers: Esmond Kane, CISO Steward Health Care; Richard Staynings, Chief...

The cybersecurity of our medical health devices

Left-right: Richard Staynings, Chief Security Strategist, Cylera; Jonathan Bagnall, Ph.D., Cybersecurity Global Market Leader, Philips; Andrew Pearce, Senior Digital Health Strategist, HIMSS Analytics (Moderator). Healthcare is plainly a target of cyber criminal and offensive nation-state actors. Not a week goes by without at least one hospital or clinic somewhere being targeted by cyber extortionists or thieves. When COVID started to...

The ‘TRUE’ Cost of a Cyber Attack

It seems that every year the negative impact of a cyber attack reaches dizzying new levels – overlapping regulatory fines, restitution and identity / credit monitoring, punitive damages, and of course incident handling and clean-up costs for fixing what should have been fixed in the first place, had the organization understood the risks and not chosen to ignore them. But it’s not just as simple as writing off some vast sum of operating profit and...

Ryuk: Protecting Clinical Engineering from Ransomware Attack

An uptick in the Russian-language criminal underground in the run-up to the 2020 US presidential election suggested a massive coordinated campaign to disrupt the United States by destructive ransomware attacks against US hospitals and other healthcare delivery organizations. Whether this was partly motivated by the Kremlin to weaken democratic resolve and confidence in the US election systems is so far unknown, as is any intended manipulation of...

Safely Disposing of the Needle in the Haystack: Managing the Cyber Risks of Healthcare IoT

During the early months of the Covid-19 outbreak, healthcare professionals were overworked and under-supplied. Governments were in chaos and squabbling over even the simplest of safety measures. Frontline facilities overflowed with terrified patients. A nurse adjusts a face mask she’s been wearing for days. The message “smile for me” that she scribbled on in marker, is now as faded and hollow in message, as she feels in her ability to help the sick....

Healthcare needs all the help it can get.

Understaffed, under-equipped, and under-funded for security tools and services, the healthcare industry is being targeted by cyber criminals and pariah nation states for the value of its assets. This includes its extensive PHI, PII and valuable clinical trial data and research IP. The Russian Federation and the People's Republic of China have both, this year, been caught red-handed attempting to steal clinical trial and research data surrounding...

The Cost of a Data Breach

According to the IBM / Ponemon 2020 Cost of a Data Breach Report, data breaches cost businesses an average of $3.86 million per incident. The report is based on 524 companies that experienced data breaches globally. Unsurprisingly, the U.S. continues to have the highest average cost per breach ($8.64 million), while Brazil has the lowest one ($1.12 million). The cost of a data breach includes losses such as lost business, legal fees, and compensation...

Tweens and Technology

Cybersecurity interns and entry level recruits aren't dropped off by the stork - they need to be nurtured! I have written much about the need to better equip the children of today for the jobs of tomorrow, particularly when it comes to building a knowledgeable and capable cybersecurity workforce. The Cisco Annual Cybersecurity Reports and many other organizations with a vested interest in ensuring a good pipeline of entry level recruits, have...

Cybersecurity As You Return to School

With the COVID-19 pandemic forcing most undergraduate and postgraduate classes online, students face multiple challenges, not least of which is securing their work and study environment from increasing levels of cyber attack. As we are all distracted by our isolation at home, many of us forced out of our comfort zone, and with few opportunities to share concerns with others, cyber criminals know they have weak and easy targets. The following...

AI Will Radically Change Healthcare Security

Artificial intelligence is becoming increasingly important in the defense of healthcare providers and patients, while the number and size of cyber attacks against the industry continues to rise to unprecedented levels. All this at a time when many of us are distracted by the current pandemic and in dire need of health services - perhaps now more than ever in our past, other than perhaps in times of kinetic military conflict. Our outdated...

AI & Automation in Healthcare Security

An increasing reliance upon healthcare IT and IoT, including thousands of medical devices and wearables to deliver health services, is changing the balance of risk across the industry. There was a fine balance between health technology services, risk and security before 2020. Some would say that this balance was nothing of the sort and that the entire healthcare life sciences industry has been accepting far too many cybersecurity risks for far too...

What Keeps Healthcare Security Leaders up at Night?

In these trying times of COVID-19, the cancellation of elective procedures and the general population "avoiding the Doctor's Office like the Plague", it's no wonder that hospitals and other HDOs are furloughing staff and tightening their belts. But what does this mean for hospital cybersecurity programs? The impact of COVID-19 on the healthcare industry has perhaps been even more dramatic than the transportation and tourism industry,...

Healthcare Needs Better Access Control

A rising tide of opportunistic ransomware and targeted nation state cyber attacks against medical research labs working on cures for COVID19 has made cybersecurity a turning point for most providers. Last week in the Cylera blog I wrote about Zero Trust which is slowly growing in popularity across organizations like Google, but has, so far, only limited deployment across the healthcare industry. Zero trust may prove to be nothing more than...

A Career in Cybersecurity

Anyone who may be considering their career choices will have noticed that there are a lot of job openings in the cybersecurity space. Every week someone, somewhere, is trying to hire a cybersecurity professional, or so it seems. The job ads are full of openings and anyone with 'cybersecurity' on their LinkedIn profile or online resume is probably getting connection requests from recruiters like they just won a large sum of money and offered...