FOCUS ON CYBERSECURITY

Cybersecurity strategy: Hackers have one, do you?

Weaponized malware, hackers holding data hostage, social engineering and spearphishing campaigns — those are just the basic attack types common today. Hospitals also have to safeguard against the next big threat to health data when there’s literally no way to know what it will look like or when it might come.

During October, we talk to infosec executives and experts about the problems and practical steps to securing sensitive data, advice about what to do (and what not to do) during and after a security incident, and a look at emerging trends, such as analytics and evidence-based security that hospitals should know about.

What you need to know

News

Focus on cybersecurity: 5 things we learned this month

by Tom Sullivan

Synthetic ID theft, infosec dashboards, the real weakest link and more factored into the security conversation during October.  

News

The real victim in health data breaches?

by Jessica Davis

Hackers can perform synthetic identity theft long after a cybersecurity event by piecing together data to conduct medical and insurance fraud.

News

Healthcare rapidly closing flaws, but employees pose threat

by Jessica Davis

Veracode found that the healthcare and retail sectors are reducing risk the fastest among other industries, but 75 percent of employees struggle with identifying best practices.

News

Why healthcare data may be more secure with cloud computing

by Jonah Comstock

But like with most things in healthcare, organizations need to keep following up after choosing the right vendor and signing an airtight contract to best protect data.

News

Poll: How is your cybersecurity posture?

by Healthcare IT News

Take our quick survey, and we'll report on the results, so you can get a sense of what your peers are using/leaning on to keep pace with hackers.

News

A CIO guide to building a dashboard for cybersecurity

by Bill Siwicki

KPIs, metrics and other must-haves hospitals should track continuously to protect medical and patient data.

News

How to build a security dashboard for startups

by Laura Lovett

Infosec experts share advice about what innovators should track, security-wise, when building new apps and devices.

News

CFOs guide to building a cybersecurity dashboard

by Jeff Lagasse

Password strength, multiple tabs and SOC audits are some of the means by which healthcare providers can protect sensitive patient data.

News

Secure patient data without a CISO

by Susan Morse

Hospitals and medical groups with limited security resources still have leadership options in managed care providers and virtual CISOs.

News

FDA, DHS to increase device security collaboration

by Jessica Davis

While the two federal agencies have worked together on vulnerability disclosures in the past, a new memorandum of agreement will improve coordination.

News

HIPAA lets providers text patients, but is it secure?

by Laura Lovett

As texting between patients and providers becomes more common, it’s imperative that providers consider the right platform to use and other security features to protect patient data.

News

How to build an effective cybersecurity strategy on a tight budget

by Beth Jones Sanborn

Basic building blocks of a good information security plan can be found at lower costs than many might expect.

News

Medical device vendor disables internet updates over hacking risk, FDA alerts

by Jessica Davis

The Food and Drug Administration issued a cybersecurity alert on two Medtronic devices that could al

News

CISOs offer insights into patch management strategies

by Mike Miliard

Keeping software up to date without disrupting care delivery requires a plan for regular patching – and responding to emergency alerts when necessary.

News

Securing legacy medical devices is daunting – but not optional

by Dave Muoio

Skipping out on comprehensive device documentation and risk assessment will cripple an organization's cybersecurity program, experts say.

News

HIPAA and data sharing: Rethinking both for the Digital Age

by Corinne Smith

As HIPAA was written when most providers still used paper charts, the framework today has plenty of room for improvement.

News

HITRUST kicks off program to give security support to startups

by Jessica Davis

HITRUST launched a security program to help start-up companies bolster their privacy and security fo

News

How to flip a cybersecurity event into building more resources

by Tom Sullivan

Security experts share insights about crafting lessons learned plans to obtain more resources — and one critical mistake to avoid.

News

GDPR four months in – what has changed?

by Leontina Postelnicu

As compliance continues to be a point of concern, we take a look at the implications of GDPR for UK health and care.

News

How to find the cyberattack hiding from view

by Jessica Davis

The healthcare sector is well-aware that medical devices are vulnerable, but it’s hard to obtain the extra resources to fix the issue.

News

Using data and analytics to protect health information

by Dan Costantino

Penn Medicine CISO Dan Costantino outlines the steps to gathering information so you can plan strategically and educate the business about threats.

News

BlackBerry launches Spark platform for secure connectivity

by Laura Lovett

BlackBerry's new healthcare-related security products include a blockchain system for medical data and an operating system for secure medical devices.

News

Ethical hacking: What to look for in a pen tester

by Jessica Davis

Simulated attacks on a healthcare organization can help infosec leaders assess their security posture, but not all pen testers are created equal and not every provider is ready to be tested.

News

Cybersecurity tops ECRI's list of Top 10 Health Technology Hazards

by Mike Miliard

The prospect of hackers gaining remote access to networked IT systems and connected medical devices raises concerns about serious safety risks.

News

Focus on Cybersecurity: 3 charts take a pulse of infosec today

by Tom Sullivan

New HIMSS Media research outlines hospitals’ top security concerns, ranks ways they’re addressing the problem and pinpoints who builds strategy and policy.

News

How not to handle a data breach

by Jessica Davis

As seen with Nuance and the Allscripts lawsuit, when a breach or cyber incident occurs – like ransomware or network outage – an organization can face serious ramifications for failing to be transparent about what happened.

Healthcare Security Forum

Video

Build security best practices like a marriage

by HIMSS TV

Jane Harper, Director Privacy & Security Risk Management at Henry Ford Health System, discusses how third party risk management should be viewed like a romantic relationship – from the dating stage through the prenup, marriage, and even divorce.

News

Consumerism driving new cybersecurity model

by Tom Sullivan

It starts with hiring "hardcore cloud animals," to change the culture and rethink infosec’s role in patient experience.

News

Debunking the cybersecurity thought that humans are the weakest link

by Tom Sullivan

Experts at the HIMSS Healthcare Security Forum said the next phase of infosec should be to secure the human and put safety nets in place to protect them.

News

Healthcare infosec leaders rank security posture, maturity just ‘average’

by Jessica Davis

While healthcare organizations are better understanding and investing in cybersecurity needs, hackers are keeping pace -- and then some, according to a panel of CISOs at the HIMSS Security Forum in Boston.

Video

Trust is key with healthcare information security, technology

by HIMSS TV

Johns Hopkins Medicine CISO Darren Lacey shares his thoughts on the sector’s inherent problems, ransomware, remaining positive amid those threats and ways to keep up with hackers.

Video

Medical device vulnerabilities will impact patient safety

by HIMSS TV

Despite the healthcare sector’s awareness of medical device flaws, many are still focused on whether a patient has been harmed. But to UC San Diego researcher and emergency medicine provider Christian Dameff, MD, it’s more about retaining patient trust and ensuring the technology doesn’t fail.

Video

Balancing access and usability with security is top priority for hospitals

by HIMSS TV

Chad Wilson, director of information security at Children’s National, explains how timely access to applications in a healthcare setting is measured in seconds so the balance between usability and security is a big challenge.

Video

Cybersecurity segmentation strategy mitigates digital disasters

by HIMSS TV

Theresa Payton, president and CEO of Fortalice Solutions, explains how to avoid digital disasters with a segmentation strategy that includes on-going testing with data, equipment and third-party vendors to put security assumptions to the test.

Video

Cybersecurity program ideal? Map frameworks together

by HIMSS TV

Brian Selfridge, partner at IT Risk Management for Meditology, also explains the evolving role of infosec leaders in the healthcare sector – including third-party vendor management.

Video

Execs faced with crisis need intellectual honesty from all levels

by HIMSS TV

Kirk Lippold, commander of United States Navy (RET), explains how intellectual honesty requires a commitment to sit down with people in the organization to review what happened after a crisis and find a new normal.

Cyber Insurance

News

Cyber insurance considerations with a breach

by Jessica Davis

The final chapter in our cyber insurance series outlines the legal considerations after a breach, mainly, ensuring the organization can choose its own investigator.

News

What you need to know about cyber insurance

by Jessica Davis

Part one of our cyber insurance series focuses on cyber policies and how organizations need to do their homework to ensure they’re covered after a breach.

News

Key to cyber insurance process is finding the right broker

by Jessica Davis

Part two of our cyber insurance series highlights the need for healthcare organizations to compare prices and find a carrier willing to partner on cybersecurity.

News

Policy mistakes to avoid when choosing cyber insurance

by Jessica Davis

Part three in our cyber insurance series highlights red flags and common mistakes to avoid when shopping for a cyber policy.

HIMSS LEARNING CENTER

Upcoming Webinars / Webinar

Ask the Healthcare Industry: Phishing is a Pain

by Cofense

A third of all breaches target healthcare companies. If you're in healthcare, or any other industry for that matter, how do you know if your organization is ready for an attack?  

Upcoming Webinars / Webinar

The Future of Medicine: Protecting Privacy Without Impacting Quality of Care

by Okta

How do you ensure ease of access to patient records in a timely manner without compromising privacy?

Upcoming Webinars / Webinar

Compliance as Code: Automate Compliance Using Open Source Technology

by Red Hat

This session will review the OpenSCAP compliance as code offering and how to automate your complianc

ACTIVE THREATS

News

HHS HCCIC cybersecurity alert: New Ryuk ransomware quickly racking up damage

by Jessica Davis

Similar to the notorious SamSam variant that has wreaked havoc on the healthcare sector, the new ransomware only infects crucial assets and resources.

News

Texting use at UK NHS adds new security concerns

by Mike Miliard

Although the health system has been repeatedly dinged for lax security practices, most NHS hospitals aren't discouraging use of consumer messaging tools.

News

Fax machines can be hacked to breach a network, using only its number

by Jessica Davis

While CMS Administrator Seema Verma called for the end of fax machine use by 2020, new Check Point research found a hacker could steal data from a flaw in the fax protocol.

News

Cybersecurity pros share countermeasures for protecting against insider threats

by Bill Siwicki

Active training via simulated phishing, progressive disciplinary measures, disabling hyperlinks and document execution from emails are among the suggestions.

News

Homeland Security warns of spike in ERP system attacks

by Jessica Davis

The web-based applications are designed to help organizations manage finances, HR issues and more – meaning they contain troves of personal data sought by nation-state hackers and other cybercriminals.

News

How to protect your network when hackers can buy backdoors for $10

by Jessica Davis

With access to hacked machines cheaply available and thousands of new ports being added daily, it’s imperative to shore up this preventable threat.

News

What you need to know about GandCrab ransomware

by Jessica Davis

The newest variant of the prolific ransomware forms this year has been updated to include a stolen National Security Agency exploit.

News

SamSam ransomware hackers bank $6M and counting

by Jessica Davis

What experts are saying hospitals can do now to avoid falling prey to the ransomware as hackers show no signs of stopping.

Thought leaders on HIMSS TV

Video

Presentation: Dissecting the anatomy of a medical device hack

by HIMSS TV

Jeff Tully, security researcher at UC Davis, and Christian Dameff, emergency medical doctor at UC San Diego, break down how bad actors infiltrate medical devices and share tips for thwarting attacks.

Video

Presentation: 'Trust but verify' must be your guiding principle

by HIMSS TV

Jane Harper, director of privacy and security risk management at Henry Ford Health System, discusses why this mantra is essential in security risk management, especially when dealing with 3rd-party tools.

Video

Presentation: Agile security for the modern healthcare organization

by HIMSS TV

Anahi Santiago, CISO at Christiana Care Health System, discusses strategies healthcare companies can use to stay ahead of the evolving threat landscape.

Video

Presentation: Building an enterprise approach to mitigating risk

by HIMSS TV

Allyson Vicars, associate director of health IT research at the Advisory Board, gives a deep overview of how healthcare providers can bake security sensibilities into every operation.

Video

Presentation: A look at healthcare security, now and for the future

by HIMSS TV

Lee Kim, director of privacy and security at HIMSS, gives a comprehensive overview of the threats, risks and emerging best practices tied to keeping healthcare data safe.

Video

Presentation: Managing today's healthcare information explosion

by HIMSS TV

Michael Archuleta, CIO and HIPAA and information security officer at Mt. San Rafael Hospital, takes a look at the security vulnerabilities that are putting sensitive data at risk.

Cybersecurity Investments

News

Still underinvesting in cybersecurity? It'll cost you

by Jessica Davis

A breach in financial services, the second most expensive sector, costs only half of what hospitals wind up spending.

News

Hospitals investing big in clinical communications

by Mike Miliard

Health system executives are convinced that mobile technology improves patient safety, but are looking for tools that feature robust security features, according to Black Book.