CISO Brief: October 2025 Cybersecurity Threat Recap & Insight
October delivered two wake-up calls for healthcare cybersecurity leaders: a critical WSUS remote-code execution flaw that exposed update-chain integrity and a major AWS US-EAST-1 outage that disrupted global services for hours. Together, they underscored a single truth—even trusted infrastructure and cloud providers can become a single point of failure. This month’s CISO Brief for October […]
Lessons from the Front Lines: The Perspective of a Cyberattack from the Nursing Floor
A longtime nurse has seen the impact of cyberattacks up close and personal. Don Neal is a Certified Registered Nurse Anesthetist (CRNA) with nearly 50 years of healthcare experience. As a self-described “old-timer,” he experienced the shift to healthcare technology firsthand, from using electronic charting to switching to automated blood pressure machines. While he says […]
Lessons From the Front Lines: How One Hospital Survived 30 Days Offline
For healthcare leaders, there’s no good time for a cyberattack, but they’re especially aggravating when they hit while you’re on vacation. That’s what happened to Katrina Brown, chief nursing officer of Providence Hospital in Mobile, Alabama, when the EMR system and other software went down while she was in Hawaii. The Response Strategy: Taking Quick […]
Lessons from the Front Lines: Learning from the SolarWinds Attack
Two security engineers take us into the trenches—and talk about what happened afterward. James Edgell and Dan Colon work in IT security for Lawrence General Hospital in Lawrence, MA. Normally they spend their days scanning systems, working on cybersecurity awareness newsletters, coordinating with Fortified on business impact analyses, and other routine tasks. However, it wasn’t […]
CISO Brief: Cybersecurity Awareness Month 2025
Since the start of 2025, the healthcare sector has continued to experience cyber incidents that have disrupted patient care, exposed millions of records, and reshaped organizational thinking about resilience. Cybersecurity Awareness Month is not just about reminding people of risks; it’s about translating real-world events into actionable lessons. Below is a look back at the […]
CISO Brief: August 2025 Cybersecurity Threat Recap & Fall Outlook
August 2025 underscored a reality for healthcare cybersecurity leaders: AI is an asset and an attack surface. This past month, we witnessed some notable AI realities, including early warning signs of “AI fatigue” as enterprises struggle to realize the promised efficiencies. This month’s themes highlight two sides of the same coin: adversaries weaponizing AI to […]
Respond and Remediate: A CISO’s Guide to the SharePoint Zero-Day Vulnerabilities
The active exploitation of two Microsoft SharePoint zero-day vulnerabilities should serve as a clear signal to every healthcare CISO: we are out of time. CVE-2025-53770 and CVE-2025-53771 are not theoretical threats; they are actual security vulnerabilities. They are compromising systems right now, bypassing security controls, and establishing remote code execution access in SharePoint environments worldwide. […]
CISO Brief: AI Zero-Days & Holiday Threats; What Healthcare Must Prepare for Now
Over the past month, AI vulnerabilities, delayed breach disclosures, and geopolitical tensions have created new challenges for cybersecurity leaders in healthcare. In this CISO Brief for June 2025, we take a closer look at the month’s top threats and headline-making events – from the first known AI zero-day exposure in Microsoft 365 Copilot (“EchoLeak”) to […]
Why Tactics Matter in Cybersecurity: Rethinking the Way Healthcare Defends
In a recent Fortified Health Security webinar, T.J. Ramsey, Senior Director of Threat Operations, delivered a pointed message: strategy alone won’t protect healthcare organizations from cyber criminals. Tactical execution is what makes the difference. As cyber threats grow in speed, scale, and sophistication, it’s not just about knowing what to do, but about having the […]
CISO Brief: May 2025 Recap – Ransomware Trends, Endpoint Evasion, and the Kettering Health Breach
In our CISO Brief looking at May 2025, we saw threat actors sharpening their techniques and targeting healthcare organizations in ways that challenge our traditional security assumptions. New endpoint evasion tactics, a shift in ransomware strategy targets, and the ransomware group that targeted DaVita may have struck again. This time, it was a different healthcare […]