CISO Brief: August 2025 Cybersecurity Threat Recap & Fall Outlook
August 2025 underscored a reality for healthcare cybersecurity leaders: AI is an asset and an attack surface. This past month, we witnessed some notable AI realities, including early warning signs of “AI fatigue” as enterprises struggle to realize the promised efficiencies. This month’s themes highlight two sides of the same coin: adversaries weaponizing AI to […]
Leveling Up Healthcare Cybersecurity Teams From “Overwhelmed to Elite”
Many healthcare IT/cyber teams are small and resource-constrained – often on the brink of burnout. They don’t have the headcount of larger organizations, yet they still have the potential to be elite. That’s the topic explored in a new Fortified webinar called “Overwhelmed To Elite: Leveling Up Healthcare Cybersecurity Teams”. The webinar contains helpful tips […]
Why a Risk Assessment is the First Step Toward Cyber Resilience in Healthcare
Knowing where to begin. That’s the biggest challenge most healthcare leaders face when it comes to maturing their cybersecurity programs. From HIPAA requirements to NIST frameworks, the regulations and risks can feel overwhelming. That’s why a risk assessment is often the smartest first step. The Problem to Solve Healthcare organizations are required to conduct periodic […]
August 2025 CISO Brief: Policy, Funding, and the Path Forward
How federal staffing cuts, government restructuring, and Medicaid policy shifts threaten the cybersecurity posture of our healthcare system. In a recent set of Questions for the Record (QFRs), Senator Edward Markey highlighted growing vulnerabilities in the cybersecurity infrastructure supporting the U.S. healthcare system. These questions, submitted to the Senate HELP Committee, signal urgent concern over […]
In Honor of Kevin Mitnick: What Healthcare Must Learn About Social Engineering
This article was developed by Fortified Health Security experts, Don Kelly, Troy Cruzen, and Bob Thurner, drawing from their real-world experience in vCISO management and consulting roles. Kevin Mitnick was once the most wanted hacker in the U.S. and taught us one critical truth: people, not systems, are the easiest way in. On August 6, […]
Iredell Health Sees Major Benefits from an Outsourced SOC
When a bank or large retailer experiences a cyberattack, there can be financial repercussions, but no one’s health is in jeopardy. That’s not the case with hospitals. What works in a traditional Security Operations Center (SOC) can fail in a hospital setting, with life-or-death consequences. That’s why Iredell Health System recently transitioned to a 24/7 […]
Proven Ways to Strengthen Active Directory Security
There are essentially three threat paths that bad actors take to access an Active Directory in order to compromise and control a hospital system: social engineering, third-party compromise, and system vulnerability compromise. In our new webinar, Intermountain Health’s cybersecurity director, Shawn Anderson, explores proven ways to strengthen Active Directory security by thwarting intruders’ attempts to […]
Respond and Remediate: A CISO’s Guide to the SharePoint Zero-Day Vulnerabilities
The active exploitation of two Microsoft SharePoint zero-day vulnerabilities should serve as a clear signal to every healthcare CISO: we are out of time. CVE-2025-53770 and CVE-2025-53771 are not theoretical threats; they are actual security vulnerabilities. They are compromising systems right now, bypassing security controls, and establishing remote code execution access in SharePoint environments worldwide. […]
2025 Mid-Year Horizon Report: Why Now Is the Time to Think Differently
Fortified Health Security just released its biannual 2025 Mid-Year Horizon Report, offering a unique view into what is really happening inside cybersecurity at hospitals, healthcare systems, and their extended digital environments. At the midpoint of 2025, we’re seeing healthcare organizations take cybersecurity more seriously, investing in innovative tools and better frameworks; however, some of the […]
Helping Rural Hospitals Maximize Cybersecurity Budgets
Rural hospitals understand adversity as leaders are always dealing with pressures like tight operating margins and limited resources, especially when it comes to cybersecurity budgets. As these hospitals push to deliver care in some of the nation’s most underserved regions, cybersecurity challenges are becoming increasingly difficult to ignore. A recent survey by Black Book Research […]