Government Information Security Podcast

Because healthcare IT environments are so complicated, it will become essential for all suppliers to provide and maintain a software bill of materials for their products to remain relevant, says Curt Miller of the Healthcare Supply Chain Association.

Over the past decade, many healthcare cybersecurity programs have evolved from "recovery" to "resilience." But Jon Moore of Clearwater says resilience is no longer sufficient against relentless attackers. He now promotes a philosophy that embraces "antifragility," including more and varied testing.

The latest edition of the ISMG Security Report features an analysis of how attackers are distributing Night Sky crypto-locking malware to exploit Log4j vulnerabilities, lessons learned from Log4j and a security flaw that affects some Tesla-built vehicles.

The latest edition of the ISMG Security Report features an analysis of the recent surge in Russian cyber interference in Ukrainian government and civilian networks, the impact of China's privacy law, and the battle against cryptocurrency cybercrime.

The latest edition of the ISMG Security Report features highlights from interviews in 2021 and examines President Joe Biden's executive order on cybersecurity, ransomware response advice and assessing hidden business risks.

Health technology providers - including makers of mobile health apps, personal health records, fitness devices and other related products - must keep a watchful eye on critical evolving privacy and regulatory issues in the months ahead, says attorney Brad Rostolsky of the law firm Reed Smith.

Two years into the pandemic, pharmaceutical firms remain a top target for cybercriminals, and that trend will undoubtedly persist in 2022, says Paul Prudhomme, a former Department of Defense threat analyst who is now a researcher with cybersecurity threat intelligence firm IntSights.

The Cloud Security Alliance's new medical device incident response playbook aims to help healthcare entities plan for security incidents involving different types of devices, taking into consideration varying patient safety issues, say co-authors Christopher Frenz of Mount Sinai South Nassau and Brian Russell of TrustThink.

The latest edition of the ISMG Security Report features an analysis of the most recent developments in the Log4j security flaw crisis, ransomware-era incident response essentials and what to expect from cybersecurity in 2022.

Sherry Lowe, who has been in senior leadership in the marketing space for over a decade, focuses on not letting metrics kill marketing. She discusses injecting more creativity into cybersecurity marketing strategy and standing out in a market full of look-alikes.

The latest edition of the ISMG Security Report features an analysis of the Log4j security flaw, including the risks and mitigation techniques, how to patch Log4j, and CISO Dawn Cappelli on Log4j response.

How serious is the Apache Log4j zero-day vulnerability that was announced to the world on Friday? "It's big," says Sam Curry, chief security officer at Cybereason, which has developed a "vaccine" to help. "I hate hyperbole generally," Curry says. "But it is a 10 on the criticality scale."

The latest edition of the ISMG Security Report features an analysis of how the U.S. military has been "imposing costs" on ransomware groups. Also featured: a twist in the case of the Missouri governor vs. an alleged "hacker," and CyberTheory's Steve King on "why Zero Trust?"

With the support of the recent executive order on improving the nation's cybersecurity, Zero Trust strategy is gaining greater recognition. But there is still a degree of resistance to Zero Trust adoption. Dr, Chase Cunningham, CSO of Ericom, discusses this and other issues around Zero Trust.

Cybersecurity experts worry about attacks and ransomware directed at the 70,000 water and wastewater facilities in the U.S. In November 2020, the Hampton Roads Sanitation District was infected with Ryuk ransomware. Fortunately, its operational technology systems were unaffected, and it recovered.

The latest edition of the ISMG Security Report features an analysis of best practices for negotiating a ransom payment. Also featured: Busting Zero Trust myths and the dangers of mythologizing defenders.

In this episode of "Cybersecurity Unplugged," Dan Bowden, CISO at Sentara Health, discusses telemedicine, IoMT, and explains why we’re lagging so far behind in healthcare security. "It’s because of how the data is managed, data standards, data integrity."

The latest edition of the ISMG Security Report features an analysis of how organizations can reduce risk especially over holidays and weekends, when attackers are most likely to strike. Also featured: Highlights from Ireland's IRISSCON 2021 cybercrime conference; what's ahead for COVID-19 and the workplace?

Ransomware attacks have become the game changer in driving up security requirements, policy premiums and rejection rates for healthcare sector entities seeking new cyber insurance policies or renewals, says Doug Howard, CEO of privacy and security consultancy Pondurance.

Drawing on his deep background in technology, government and law, cybersecurity adviser Tony Scott delves into many pressing issues in cybersecurity today - including zero trust. In this episode of "Cybersecurity Unplugged," he says organizations should get started on the journey now.