Data Breach Today Podcast

It is essential that entities across all industries - and especially in healthcare - better prepare every type and level of worker on how to respond to potentially devastating ransomware attacks, says privacy and security attorney Erik Weinick of law firm Otterbourg PC.

The latest edition of the ISMG Security Report features an analysis of how Russia's escalation in Ukraine is raising cyber defense alarms. It also describes how a Dark Overlord collaborator received a three-year prison sentence and shares tips for Zero Trust implementation.

As ransomware and other disruptive security incidents continue to surge, cyberattacks rank as the top health technology hazard in hospital environments this year, say security experts Chad Waters and Juuso Leinonen of patient safety organization ECRI.

Ravi Patil, director of product management and strategy at Broadcom, says partnering with customers to develop cybersecurity marketing "offers a markedly superior customer experience than a traditional vendor that might just sell the software and walk away until the contract is up."

Healthcare organizations must carefully scrutinize any implementation of applications, software suites and other technology platforms that could contain open-source code because of the risks - including potential patient safety issues - posed by these components, says attorney Steven Teppler.

The latest edition of the ISMG Security Report features an analysis of whether a new ransomware operation is a spinoff of the notorious REvil or simply copying the group's moves; how Maersk responded to the NotPetya wiper malware attack; and essential incident response skills.

Kyle Flaherty has worked with a range of companies, changing the worlds of big data, IoT, BYOD, SaaS, open-source software, network security, fraud detection, data analytics, marketing automation and network management. He weighs in on brands and how metrics feed different audiences.

Maersk was one of dozens of organizations crippled by the NotPetya malware in June 2017. Gavin Ashton and Bharat Halai worked in identity and access management at Maersk and share how the company's technology team tirelessly brought the company back from the brink of an IT systems meltdown.

The latest edition of the ISMG Security Report features an analysis of whether the cyberattacks that hit Ukraine's government agencies last week are attributable to any group or nation-state along with updates to the cybersecurity executive order and illicit cryptocurrency trends.

Among the simplest things that vendors can do to help improve the cybersecurity of their products is providing better transparency, especially regarding the third-party components contained in their technology, says Rob Suárez, CISO of medical device maker Becton Dickinson.

Because healthcare IT environments are so complicated, it will become essential for all suppliers to provide and maintain a software bill of materials for their products to remain relevant, says Curt Miller of the Healthcare Supply Chain Association.

Over the past decade, many healthcare cybersecurity programs have evolved from "recovery" to "resilience." But Jon Moore of Clearwater says resilience is no longer sufficient against relentless attackers. He now promotes a philosophy that embraces "antifragility," including more and varied testing.

The latest edition of the ISMG Security Report features an analysis of how attackers are distributing Night Sky crypto-locking malware to exploit Log4j vulnerabilities, lessons learned from Log4j and a security flaw that affects some Tesla-built vehicles.

The latest edition of the ISMG Security Report features an analysis of the recent surge in Russian cyber interference in Ukrainian government and civilian networks, the impact of China's privacy law, and the battle against cryptocurrency cybercrime.

The latest edition of the ISMG Security Report features highlights from interviews in 2021 and examines President Joe Biden's executive order on cybersecurity, ransomware response advice and assessing hidden business risks.

Health technology providers - including makers of mobile health apps, personal health records, fitness devices and other related products - must keep a watchful eye on critical evolving privacy and regulatory issues in the months ahead, says attorney Brad Rostolsky of the law firm Reed Smith.

As healthcare entities set out to better secure cloud application development and management, there are several critical considerations they must not overlook. Key among these: "the need to move to a DevSecOps model in the first place," says Adrian Mayers, CISO of health insurer Premera Blue Cross.

Preventing rogue device attacks is a critical component of Baptist Health's zero trust strategy, says Michael Erickson, CISO of the healthcare delivery system, which operates nine hospitals and other care facilities in Kentucky and Indiana.

Two years into the pandemic, pharmaceutical firms remain a top target for cybercriminals, and that trend will undoubtedly persist in 2022, says Paul Prudhomme, a former Department of Defense threat analyst who is now a researcher with cybersecurity threat intelligence firm IntSights.

The Cloud Security Alliance's new medical device incident response playbook aims to help healthcare entities plan for security incidents involving different types of devices, taking into consideration varying patient safety issues, say co-authors Christopher Frenz of Mount Sinai South Nassau and Brian Russell of TrustThink.