Stuck in the Middleware: Hidden Medical Device Security Weaknesses

Medical device and IoT unmanaged devices have introduced a significant hurdle for security teams to protect critical healthcare information and systems. A strategic direction for managing medical devices should be captured in a formal medical device security program and strategic plan. And while the “device” itself should be carefully evaluated for security risks, additional focus should be given to the middleware and platforms running behind the scenes. Read More

Why Vendor Security Risk Management Belongs on the Boardroom Agenda

Even as third-party data breach activity continues to grow, the importance of third-party data security in board-level risk management strategy is not growing to match the need. In November 2018, the Ponemon Institute reported that among U.S. firms surveyed, 61 percent experienced a breach caused by third parties, which is up from the previous year at 56 percent. However, only 46 percent of firms surveyed say managing relationship risk is a priority. Read More

Ethical Hacking | The Miracle Immunity Booster

Cyber Hygiene consists of the practices and steps required to ward off potential viruses, data hijack attempts and intruders invading your information systems. Good hygiene is a major part of preventative healthcare for humans, but also for healthcare information systems. But just setting up employee training, policies and procedures is only covering the surface area of good cyber hygiene. Audits are akin to going for a health check up or dental cleaning. But what about other preventative measures before the annual “checkup”? Read More

No More Staffing Bottlenecks! | Addressing IT Security Staff Shortages

Are you part of a health care organization that is having a difficult time filling information security positions needed? Perhaps many security projects are slowing down to a trickle or coming to a complete standstill as your security program initiatives get backed up. Don’t worry, you are not alone. According to ISC2, the global information security workforce shortage is expected to hit almost two million by 2022, demonstrating a staggering 20% increase from 2015. Read More

We Need More Astronauts: Using Managed Services to Address Cyber Staffing Shortages (Part 5 of 5)

Just as the U.S. Space Program has dwindled its staff in recent years and partnered with private industry for support, healthcare organizations are also feeling the pinch of not enough qualified IT and Security staff members to navigate the largely uncharted territory of cyberspace. Is your healthcare organization having a difficult time filling information security and privacy positions? Perhaps many security projects are slowing down or coming to a complete standstill as your security program initiatives get backed up. Read More

Outer Space and Cyberspace Are Dangerous Places (Part 4 of 5)

Each time a shuttle, rocket, person or animal is shot into space, spectators watch because we can visualize and imagine the risks. We understand a lack of oxygen, gravitational force, water and food creates extreme survival difficulties. However, the risks and dangers of operating health practices in cyberspace are less visible. There is no “blast-off” of your health record or financial information rocketing into the unknown with a huge fuel cloud to mark the occasion. Still, the information is going into the great, wide unknown, often without adequate information security and risk analysis and protections. Read More

Healthcare’s Space Junk: Medical Device & IoT Security (Part 3 of 5)

At the beginning of space exploration, lost satellites and flight equipment was probably not high on the space program’s priority list. Once satellites were launched and replaced, then the topic of lost “space junk” emerged. Medical device and IoT inventory management poses a similar issue in our industry. Not knowing where devices are located is a red flag in managing data security; as a treasure trove of data may be resident on the devices themselves. Read More

GDPR: Different Galaxy, Different Security & Privacy Rules (Part 2 of 5)

For decades, we’ve imagined the different life forms we might encounter while traveling in space. The series Star Trek has entertained generations by imagining how things might be different in another galaxy. Likewise, in healthcare; Europe’s newly revised security and privacy directives under the General Data Protection Regulation (GDPR) have us feeling like we need to update security and privacy programs to meet the standards of another galaxy. Many CISOs and Privacy executives are asking the questions, “Does GDPR apply to us?” or “How will GDPR be enforced for US-based healthcare organizations?” Read More