Vendors should be more transparent and faster in communicating when they experience a breach or other security incident that affect clients' data, says Anahi Santiago, CISO at ChristianaCare. "Sometimes we find out about these incidents through our third-party monitoring systems," she said.
Generative AI tools such as ChatGPT will undoubtedly change the way clinicians and healthcare cybersecurity professionals work, but the use of these technologies come with security, privacy and legal concerns, says Lee Kim of the Healthcare Information Management and Systems Society.
Effective security governance in a healthcare entity is a balancing act that requires sponsorship by top leadership and careful consideration of the concerns of clinicians and others in the organization, according to Eric Liederman and deputy CISO Steven Frank of Kaiser Permanente.
The FDA's new cybersecurity policy is a "watershed moment" for the industry, says Kevin Fu of Northeastern University. The agency will soon begin rejecting manufacturers' new medical device submissions that lack detailed cybersecurity measures, which will help ensure uniformity, he says.
New resources released Monday from a high-profile federal advisory group provide insights into the state of healthcare sector preparedness and best practices for dealing with evolving cyberthreats, according to Erik Decker, CISO of Intermountain Healthcare and co-chair of the task force.
Healthcare entities of all types and sizes could be the next targets of major cybersecurity attacks, said Nitin Natarajan, deputy director of the Cybersecurity and Infrastructure Security Agency. Healthcare firms need to be vigilant against ransomware, DDoS and medical device breaches, he said.
A 3-month-old federal law meant to future-proof federal computers from quantum computer decryption will have an effect on healthcare sector entities, too, says Mac McMillan, founder and CEO emeritus of privacy and security consulting firm CynergisTek.
In this episode of "Cybersecurity Unplugged," Craig Box, vice president of open source and community at ARMO, discusses the complexity of using Kubernetes in a hybrid cloud environment, the need to understand "how these moving parts work together" and potential use of Kubernetes with 5G.
In this episode of "Cybersecurity Unplugged," Patricia Muoio, a partner at SineWave Ventures, discusses the need for cyber resilience as security leaders face the inevitable stream of cybercrimes, how to achieve it through a zero trust approach, and how CISOs and the government can help.
In this episode of "Cybersecurity Unplugged," Chris "Tito" Sestito discusses technology to protect neural networks and artificial intelligence and machine-learning models, and John Kindervag explains how such technology fits into the zero trust framework.
In this episode of "Cybersecurity Unplugged," David Derigiotis of insurtech Embroker discusses the complex world of cyber liability insurance, including the collapse of crypto exchange FTX, recent breaches, and improvements in the cyber insurance industry.
Legislation requiring vendors to design cybersecurity into their medical devices is a great first step to help healthcare entities, but organizations will still face major risks involving legacy medical gear for many years to come, says Daniel dos Santos, research leader at security firm Forescout.
In this episode of "Cybersecurity Unplugged," Galit Lubetzky Sharon, CTO of Wing Security, discusses the challenge of securing SaaS applications, which are decentralized and ever-expanding. She describes how Wing Security manages app inventories and issues of compliance, remediation and privacy.
In this episode of "Cybersecurity Unplugged," Steve Stone of Rubrik Zero Labs discusses the State of Data Security Report, which focuses on the impact of cybersecurity attacks on IT leaders, especially CISOs. Stone outlines areas of concern after an attack and changes needed to improve security.
To help U.S. healthcare sector organizations better tackle some of the top challenges involving vendor risk management, a coalition of CISOs has launched the Health3PT Council. Members John Houston of UMPC and Omar Khawaja, former CISO of Highmark Health, describe the effort.