FOCUS ON CYBERSECURITY

Cybersecurity strategy: Hackers have one, do you?

Weaponized malware, hackers holding data hostage, social engineering and spearphishing campaigns — those are just the basic attack types common today. Hospitals also have to safeguard against the next big threat to health data when there’s literally no way to know what it will look like or when it might come.

During October, we talk to infosec executives and experts about the problems and practical steps to securing sensitive data, advice about what to do (and what not to do) during and after a security incident, and a look at emerging trends, such as analytics and evidence-based security that hospitals should know about.

What you need to know

News

How to build an effective cybersecurity strategy on a tight budget

by Beth Jones Sanborn

Basic building blocks of a good information security plan can be found at lower costs than many might expect.

News

Medical device vendor disables internet updates over hacking risk, FDA alerts

by Jessica Davis
The Food and Drug Administration issued a cybersecurity alert on two Medtronic devices that could al
News

CISOs offer insights into patch management strategies

by Mike Miliard

Keeping software up to date without disrupting care delivery requires a plan for regular patching – and responding to emergency alerts when necessary.

News

Securing legacy medical devices is daunting – but not optional

by Dave Muoio

Skipping out on comprehensive device documentation and risk assessment will cripple an organization's cybersecurity program, experts say.

News

HIPAA and data sharing: Rethinking both for the Digital Age

by Corinne Smith

As HIPAA was written when most providers still used paper charts, the framework today has plenty of room for improvement.

News

HITRUST kicks off program to give security support to startups

by Jessica Davis
HITRUST launched a security program to help start-up companies bolster their privacy and security fo
News

How to flip a cybersecurity event into building more resources

by Tom Sullivan

Security experts share insights about crafting lessons learned plans to obtain more resources — and one critical mistake to avoid.

News

GDPR four months in – what has changed?

by Leontina Postelnicu

As compliance continues to be a point of concern, we take a look at the implications of GDPR for UK health and care.

News

How to find the cyberattack hiding from view

by Jessica Davis

The healthcare sector is well-aware that medical devices are vulnerable, but it’s hard to obtain the extra resources to fix the issue.

News

Using data and analytics to protect health information

by Dan Costantino

Penn Medicine CISO Dan Costantino outlines the steps to gathering information so you can plan strategically and educate the business about threats.

News

BlackBerry launches Spark platform for secure connectivity

by Laura Lovett

BlackBerry' new healthcare-related security products include a blockchain system for medical data and operating system for secure medical devices.

News

Ethical hacking: What to look for in a pen tester

by Jessica Davis

Simulated attacks on a healthcare organization can help infosec leaders assess their security posture, but not all pen testers are created equal and not every provider is ready to be tested.

News

Cybersecurity tops ECRI's list of Top 10 Health Technology Hazards

by Mike Miliard

The prospect of hackers gaining access to remote access to networked IT systems and connected medical devices raises concerns about serious safety risks.

News

Focus on Cybersecurity: 3 charts take a pulse of infosec today

by Tom Sullivan

New HIMSS Media research outlines hospitals’ top security concerns, ranks ways they’re addressing the problem and pinpoints who builds strategy and policy.

News

How not to handle a data breach

by Jessica Davis

As seen with Nuance and the Allscripts lawsuit, when a breach or cyber incident occurs – like ransomware or network outage – an organization can face serious ramifications for failing to be transparent about what happened.

Healthcare Security Forum

News

Debunking the cybersecurity thought that humans are the weakest link

by Tom Sullivan

Experts at the HIMSS Healthcare Security Forum said the next phase of infosec should be to secure the human and put safety nets in place to protect them.

News

HIMSS Healthcare Security Forum to focus on breach response

by Jessica Davis

Former White House CIO and CBS star Theresa Payton will keynote the two-day event, focused on the threat landscape, boardroom involvement and the tools to shore up vulnerabilities.

Cyber Insurance

News

What you need to know about cyber insurance

by Jessica Davis

Part one of our cyber insurance series focuses on cyber policies and how organizations need to do their homework to ensure they’re covered after a breach.

News

Key to cyber insurance process is finding the right broker

by Jessica Davis

Part two of our cyber insurance series highlights the need for healthcare organizations to compare prices and find a carrier willing to partner on cybersecurity.

ACTIVE THREATS

News

HHS HCCIC cybersecurity alert: New Ryuk ransomware quickly racking up damage

by Jessica Davis

Similar to the notorious SamSam variant that has wreaked havoc on the healthcare sector, the new ransomware only infects crucial assets and resources.

News

Texting use at UK NHS adds new security concerns

by Mike Miliard

Although the health system has been repeatedly dinged for lax security practices, most NHS hospitals aren't discouraging use of consumer messaging tools.

News

Fax machines can be hacked to breach a network, using only its number

by Jessica Davis

While CMS Administrator Seema Verma called for the end of fax machine use by 2020, new Check Point research found a hacker could steal data from a flaw in the fax protocol.

News

Cybersecurity pros share countermeasures for protecting against insider threats

by Bill Siwicki

Active training via simulated phishing, progressive disciplinary measures, disabling hyperlinks and document execution from emails are among the suggestions.

News

Homeland Security warns of spike in ERP system attacks

by Jessica Davis

The web-based applications are designed to help organizations manage finances, HR issues and more – meaning they contain troves of personal data sought by nation-state hackers and other cybercriminals.

News

How to protect your network when hackers can buy backdoors for $10

by Jessica Davis

With access to hacked machines cheaply available and thousands of new ports being added daily, it’s imperative to shore up this preventable threat.

News

What you need to know about GandCrab ransomware

by Jessica Davis

The newest variant of the prolific ransomware forms this year has been updated to include a stolen National Security Agency exploit.

News

SamSam ransomware hackers bank $6M and counting

by Jessica Davis

What experts are saying hospitals can do now to avoid falling prey to the ransomware as hackers show no signs of stopping.

Thought leaders on HIMSS TV

Video

Presentation: Dissecting the anatomy of a medical device hack

by HIMSS TV

Jeff Tully, security researcher at the UC Davis, and Christian Dameff, emergency medical doctor at the UC San Diego, break down how bad actors infiltrate medical devices and share tips for thwarting attacks.

Video

Presentation: 'Trust but verify' must be your guiding principle

by HIMSS TV

Jane Harper, director of privacy and security risk management at Henry Ford Health System, discusses why this mantra is essential in security risk management, especially when dealing with 3rd-party tools.

Video

Presentation: Agile security for the modern healthcare organization

by HIMSS TV

Anahi Santiago, CISO and Christiana Care Health System, discusses strategies healthcare companies can use to stay ahead of the evolving threat landscape.

Video

Presentation: Building an enterprise approach to mitigating risk

by HIMSS TV

Allyson Vicars, associate director of health IT research at the Advisory Board, give a deep overview of how healthcare providers can bake security sensibilities into every operation.

Video

Presentation: A look at healthcare security, now and for the future

by HIMSS TV

Lee Kim, director of privacy and security at HIMSS, gives a comprehensive overview of the threats, risks and emerging best practices tied to keeping healthcare data safe.

Video

Presentation: Managing today's healthcare information explosion

by HIMSS TV

Michael Archuleta, CIO and HIPAA and information security officer at Mt. San Rafael Hospital, takes a look at the security vulnerabilities that are putting sensitive data at risk.

HIMSS LEARNING CENTER

Upcoming Webinars / Webinar

Ask the Healthcare Industry: Phishing is a Pain

by Cofense

A third of all breaches target healthcare companies. If you're in healthcare, or any other industry for that matter, how do you know if your organization is ready for an attack?  

Upcoming Webinars / Webinar

The Future of Medicine: Protecting Privacy Without Impacting Quality of Care

by Okta
How do you ensure ease of access to patient records in a timely manner without compromising privacy?
Upcoming Webinars / Webinar

Compliance as Code: Automate Compliance Using Open Source Technology

by Red Hat
This session will review the OpenSCAP compliance as code offering and how to automate your complianc

Cybersecurity Investments

News

Still underinvesting in cybersecurity? It'll cost you

by Jessica Davis

A breach in financial services, the second most expensive sector, costs only half of what hospitals wind up spending.

News

Hospitals investing big in clinical communications

by Mike Miliard

Health system executives are convinced that mobile technology improves patient safety, but are looking for tools that feature robust security features, according to Black Book.