Year: 2019

With passwords becoming routinely compromised and users frequently concerned with memorizing lengthy and complex passwords, multi-factor authentication or MFA is becoming increasingly popular. However, the implementation of MFA solutions is not always properly executed to maximize efficiency and effectiveness. When implementing MFA, pause to consider: Have you identified the most...

Many CISOs and CIOs are constantly fighting for budget dollars and find themselves competing against other strategic initiatives within their organization. Gaining executive buy-in is critical to any successful cybersecurity program and is required to protect patient information adequately. Buy-in throughout the organization is increasingly more critical as the threat...

Having trouble finding, recruiting, and retaining the right level of cybersecurity talent to support your organization adequately? You can find comfort in the fact that you are not alone, as this challenge is impacting healthcare organizations across the country. Unfortunately, that comfort doesn’t fix your problem; but thinking differently might....

Many CISOs and CIOs struggle to find the most effective way to present their cybersecurity program to their board. Delivering this message in a meaningful way can prove to be important as your organization manages risks associated with cybersecurity. Pause to consider: Are you providing information about your program in...

Generic usernames pose an increased risk to digital environments, making them a desirable target for hackers. Most users don't realize that generic usernames such as “administrator, marketing, finance, surgery, and helpdesk” (among others) often have default passwords assigned to them; as a result, they are not often policed or audited...

Improperly managed privileged Active Directory accounts can introduce significant risk to healthcare organizations. There are several types of privileged accounts, including service accounts and administrator accounts. These accounts are valuable targets for attackers due to management difficulties and the level of access they provide. When managing privileged accounts, pause to...

Do your job responsibilities include overseeing or maintaining an environment that provides a secure platform for patient data and business resources? If so, you're probably alarmed by the daily headlines outlining phishing attacks that target healthcare industry employees. Pause to consider: Are your workforce members aware of current phishing trends...

Due to widespread adoption and a demand to improve patient outcomes, network-connected medical devices are playing a vital role in every health organization. These devices can decrease costs while increasing the quality of care patients receive. Despite the many advantages these devices offer, improper management can introduce significant risk to...

Many organizations understand the value of capturing and correlating log events from different security platforms and have invested heavily in Security Information and Event Management (SIEM). SIEM technologies allow organizations to combine custom use-cases tailored to their business with distributed threat intelligence and incident management. To get the most out...

One of the most common ways bad actors gain access to digital environments is by guessing passwords. With so many devices being interconnected, cracking into one device could mean access to several devices, as well as extensive access to sensitive information. It is always a good idea to change your password...

How often is remote access evaluated and monitored? In today’s environment, the majority of the healthcare workforce does not need remote access. However, a large segment of remote-access users retains access that they no longer use or need. Unused, open-access accounts need to be disabled. Pause to consider: When was...

Many healthcare organizations need a formal process to govern their organization’s security program. A strong security governance and strategy program will better position your organization to respond to changes in technology, regulatory laws, and the ever-changing threat landscape while effectively managing information security and privacy risk to the organization. Pause to...

Hopefully, by now, your information security team has a defined process in place to remove access or privileges when an employee is terminated or transfers to a new role in your organization. Most of us are quick to disable accounts in Active Directory or email, but do you have a...

It's no secret that the healthcare industry is highly susceptible to cyber-attacks. However, most executives don't realize that many attacks are directed at what's arguably an organization's weakest link: its workforce. Workforce members and their user accounts are generally targeted via phishing attempts or brute force attacks. Pause to consider:...

Vulnerability threat management [VTM] is a key fundamental for compliance with HIPAA.  Every healthcare organization should utilize VTM for foundational security management. To set your initiative up for success, pause to consider these essential factors: Are you performing authenticated or non-authenticated scans? Authenticated scans use authenticated user credentials to grant...

We often get so focused on individual tools, technologies, or processes that we don’t step back to evaluate the risk to the organization as a whole. Pause to consider these general questions to see if you’ve accounted for risk in your security program: Are you managing the risk of your...

The HHS Office for Civil Rights (OCR) issued new documentation on May 24, 2019 specifying requirements and prohibitions for which Business Associates are directly liable. The OCR is authorized to take enforcement actions against Business Associates for ONLY 10 specific HIPAA violations.  Some of these violations may include failure to:...

By nature, security technologies often have a broad spectrum of visibility into your devices, usage and environment. Pause to consider the following questions to determine if you’re getting the most value out of your security tools: Are you taking advantage of possible integrations? Security technologies work best when they are...

Data Loss Prevention (DLP) technologies often require a significant time commitment, both for deployment as well as for overall system management. Don't risk costly missteps and wasted resources when assessing potential DLP solutions for your organization. As you evaluate DLP technologies, pause to consider: How will DLP policy violations be...

The critical nature of connected medical devices, coupled with the fact that responsibility for the devices often lies with multiple teams, means managing the security of your connected medical devices requires unique and strategic planning. To ensure your connected medical device program is successful, pause to consider: How to Properly...

Partnership and engagement are critical in managed service engagements. These relationships differ from an on-demand type relationship, requiring a different approach for success. For these relationships to succeed, and for you to derive value from these engagements, a managed service organization must truly serve as an extension of your team....

Connected medical device security platforms can often provide more value than just security insights. To ensure you're receiving all the value from your connected medical device security platform, pause to consider: Questions to Answer About Managing Connected Medical Devices Are you leveraging visibility provided by your connected medical technology to...