Why Unstructured Data Is a Hidden Risk

unstructured data image

When most people think about sensitive data, they picture electronic health records (EHRs), financial databases, or other structured systems. Those are important, but they’re not the whole story. The bigger risk for many organizations — especially in healthcare — sits in unstructured data. Think files, folders, spreadsheets, shared drives, emails, SharePoint, Teams, and cloud storage. […]

CISO Brief: August 2025 Cybersecurity Threat Recap & Fall Outlook 

August 2025 underscored a reality for healthcare cybersecurity leaders: AI is an asset and an attack surface.   This past month, we witnessed some notable AI realities, including early warning signs of “AI fatigue” as enterprises struggle to realize the promised efficiencies. This month’s themes highlight two sides of the same coin: adversaries weaponizing AI to […]

Proven Ways to Strengthen Active Directory Security

There are essentially three threat paths that bad actors take to access an Active Directory in order to compromise and control a hospital system: social engineering, third-party compromise, and system vulnerability compromise. In our new webinar, Intermountain Health’s cybersecurity director, Shawn Anderson, explores proven ways to strengthen Active Directory security by thwarting intruders’ attempts to […]

Respond and Remediate: A CISO’s Guide to the SharePoint Zero-Day Vulnerabilities 

The active exploitation of two Microsoft SharePoint zero-day vulnerabilities should serve as a clear signal to every healthcare CISO: we are out of time.  CVE-2025-53770 and CVE-2025-53771 are not theoretical threats; they are actual security vulnerabilities. They are compromising systems right now, bypassing security controls, and establishing remote code execution access in SharePoint environments worldwide. […]

CISO Brief: AI Zero-Days & Holiday Threats; What Healthcare Must Prepare for Now 

CISO Brief with Russell Teague June 2025 recap

Over the past month, AI vulnerabilities, delayed breach disclosures, and geopolitical tensions have created new challenges for cybersecurity leaders in healthcare. In this CISO Brief for June 2025, we take a closer look at the month’s top threats and headline-making events – from the first known AI zero-day exposure in Microsoft 365 Copilot (“EchoLeak”) to […]

Why Tactics Matter in Cybersecurity: Rethinking the Way Healthcare Defends

In a recent Fortified Health Security webinar, T.J. Ramsey, Senior Director of Threat Operations, delivered a pointed message: strategy alone won’t protect healthcare organizations from cyber criminals. Tactical execution is what makes the difference. As cyber threats grow in speed, scale, and sophistication, it’s not just about knowing what to do, but about having the […]

April 2025 CISO Brief: Behind the Cyber Threat Headlines

Fortified’s Threat Services Team tracks the most pressing cyber threats targeting the healthcare sector each month. April’s activity surrounding PipeMagic ransomware, Oracle’s dual breach allegations, and the news regarding the DaVita ransomware attack illuminate a stark reality: the healthcare sector is under sustained siege from sophisticated threat actors intensifying their focus on healthcare’s legacy systems, […]

The 2025 Horizon Report: Your Roadmap to Cybersecurity Resilience

The healthcare industry is under siege. As we move into 2025, the cybersecurity challenges facing hospitals, health systems, and vendors are growing more complex, more sophisticated, and more frequent. The stakes have never been higher; patient safety, operational continuity, and trust hang in the balance. Cybercriminals are evolving their strategies, leveraging advanced technologies like artificial […]

Hidden Signs of a Healthcare Data Breach

Healthcare data breaches can be costly, difficult to resolve, and dangerous for patients. Yet despite the best preventative practices, breaches can still happen, underscoring the critical need for prompt detection and response. As healthcare organizations are responsible for safeguarding private patient data, swiftly identifying signs of a data breach is essential. If such sensitive information […]