Healthcare Information Security Podcast

The framework for how cyber insurance policies are designed for healthcare sector organizations is evolving, especially as more entities experience "high impact" ransomware incidents, says former healthcare CISO Sumit Sehgal.

This edition of the ISMG Security Report features an analysis of CISA's finding that agencies could have prevented follow-on attacks after the SolarWinds supply chain attack by properly configuring firewalls. Also featured: Congressman discusses deterring nation-state attacks; insider threat mitigation tips.

Advanced persistent threat actors will continue to "up their game," including taking advantage of the COVID-19 pandemic even as its impact diminishes, says Kelvin Coleman, executive director of the National Cyber Security Alliance.

When medical device makers provide a software bill of materials for components contained in their products, it's critical to make that voluminous security information actionable for healthcare customers, says Rob Suárez, CISO at medical device maker Becton Dickinson and Co.

Tal Kollender of Gytpol suggests a digital response comparable to the vaccine rollout in the physical world is needed to battle against the ransomware epidemic.

The number of data breach notifications jumped 140% in 2020 from the previous year, with a surge in attacks against less-regulated industries, according to Kroll's 2021 Data Breach Outlook. Brian Lapidus and Heather Williams of Kroll analyze the report's findings.

When seeking cyber insurance or other types of insurance policies that provide organizations with coverage for certain data security incidents, it's critical to carefully consider the "war exclusions" contained in those policies, says insurance attorney Peter Halprin.

The latest edition of the ISMG Security Report features an analysis of the Avaddon ransomware gang's retirement and the crackdown on the Clop ransomware gang in Ukraine. Also featured: Bitcoin as ally in the ransomware battle; strengthening U.S. cybersecurity defenses.

You see the news: how many healthcare entities are struck by ransomware. But how many of them conducted business impact analyses before they were victims? Too few, says Cathie Brown of Clearwater. She discusses the value of doing a BIA before the crisis strikes.

As the cyberthreat landscape grows exponentially more complicated, the insurance industry is trying to keep pace. Yet, many organizations still lack cybersecurity insurance. Lynn Peachey, director of business development at Arete Incident Response, breaks down the basics of these insurance policies.

The latest edition of the ISMG Security Report features an analysis of lawmakers' grilling of Colonial Pipeline CEO Joseph Blount over his handling of the DarkSide ransomware attack. Also featured: How the FBI helped trick criminals into using an encrypted communications service that it was able to monitor.

The latest edition of the ISMG Security Report details the ongoing wave of ransomware attacks, including the disruption of JBS, the world's largest supplier of meat. Also featured are police busting criminals who formerly used the EncroChat communications network and the strategies for filling the cyber skills gap.

The latest edition of the ISMG Security Report features an analysis of the city of Tulsa's decision to refuse to pay a ransom following an attack. Also featured: Johnson & Johnson's CISO on shifting priorities; mitigating quantum computing risks.

The U.S. government should more closely collaborate with Big Tech companies to better respond to the surge in ransomware attacks and other cybercrimes hitting healthcare and other sectors, says crisis management and investigations attorney Bill Moran.

Evolving ransomware attacks pose a growing threat to the integrity of electronic health records, says Michael Hamilton, CISO at the security firm CI Security, who calls for heightened attention to EHR security.

The latest edition of the ISMG Security Report features highlights from RSA Conference 2021 conference, including the emphasis on "resilience."

Janine Darling, the founder and CEO of STASH Global, discusses the pervasive and persistent problem of ransomware and how to mitigate the risks.

Remote work, unsecured devices, susceptibility to influence - insider threat management has undergone its own transformation over the past year-plus. Rich Davis and Andrew Rose of Proofpoint offer insights into the latest risk trends, as well as technology solutions to aid the defenders' efforts.

The recent Colonial Pipeline ransomware attack illustrates the vulnerability of the nation's critical infrastructure, says Richard Stiennon, a research analyst and the author of "Security Yearbook 2021: A History and Directory of the IT Security Industry."

With cyber incidents involving vendors - including cloud services providers - surging, healthcare entities must step up scrutiny of their business associates as well as those companies' subcontractors, says Thad Phillips, CISO at Baptist Health Care in Pensacola, Florida.