5 Ways to Strengthen the Cyber Conversation with CFOs

Cybersecurity isn’t just a technical conversation anymore; it’s a financial one. In healthcare, the cost of cyber risk is measured not only in terms of breached records or downtime, but also in canceled procedures, delayed reimbursements, and long-term reputational damage. When patient safety and solvency are both at stake, CISOs and CFOs must operate as […]
Lessons from the Frontlines: Navigating a Cybersecurity Crisis During Healthcare Integration

A healthcare CISO faced an unusual situation in an already challenging time. Louis Wright, CISO and Director of IT Security for USA Health in Mobile, Alabama, oversees cybersecurity for a healthcare network that includes major hospitals and more than 70 clinics spread across Mississippi and Alabama, including some that were part of the recently acquired […]
CISO Brief: Cybersecurity Awareness Month 2025

Since the start of 2025, the healthcare sector has continued to experience cyber incidents that have disrupted patient care, exposed millions of records, and reshaped organizational thinking about resilience. Cybersecurity Awareness Month is not just about reminding people of risks; it’s about translating real-world events into actionable lessons. Below is a look back at the […]
CISO Brief: August 2025 Cybersecurity Threat Recap & Fall Outlook

August 2025 underscored a reality for healthcare cybersecurity leaders: AI is an asset and an attack surface. This past month, we witnessed some notable AI realities, including early warning signs of “AI fatigue” as enterprises struggle to realize the promised efficiencies. This month’s themes highlight two sides of the same coin: adversaries weaponizing AI to […]
Why a Risk Assessment is the First Step Toward Cyber Resilience in Healthcare

Knowing where to begin. That’s the biggest challenge most healthcare leaders face when it comes to maturing their cybersecurity programs. From HIPAA requirements to NIST frameworks, the regulations and risks can feel overwhelming. That’s why a risk assessment is often the smartest first step. The Problem to Solve Healthcare organizations are required to conduct periodic […]
Proven Ways to Strengthen Active Directory Security

There are essentially three threat paths that bad actors take to access an Active Directory in order to compromise and control a hospital system: social engineering, third-party compromise, and system vulnerability compromise. In our new webinar, Intermountain Health’s cybersecurity director, Shawn Anderson, explores proven ways to strengthen Active Directory security by thwarting intruders’ attempts to […]
Respond and Remediate: A CISO’s Guide to the SharePoint Zero-Day Vulnerabilities

The active exploitation of two Microsoft SharePoint zero-day vulnerabilities should serve as a clear signal to every healthcare CISO: we are out of time. CVE-2025-53770 and CVE-2025-53771 are not theoretical threats; they are actual security vulnerabilities. They are compromising systems right now, bypassing security controls, and establishing remote code execution access in SharePoint environments worldwide. […]
2025 Mid-Year Horizon Report: Why Now Is the Time to Think Differently

Fortified Health Security just released its biannual 2025 Mid-Year Horizon Report, offering a unique view into what is really happening inside cybersecurity at hospitals, healthcare systems, and their extended digital environments. At the midpoint of 2025, we’re seeing healthcare organizations take cybersecurity more seriously, investing in innovative tools and better frameworks; however, some of the […]
Helping Rural Hospitals Maximize Cybersecurity Budgets

Rural hospitals understand adversity as leaders are always dealing with pressures like tight operating margins and limited resources, especially when it comes to cybersecurity budgets. As these hospitals push to deliver care in some of the nation’s most underserved regions, cybersecurity challenges are becoming increasingly difficult to ignore. A recent survey by Black Book Research […]
CISO Brief: AI Zero-Days & Holiday Threats; What Healthcare Must Prepare for Now

Over the past month, AI vulnerabilities, delayed breach disclosures, and geopolitical tensions have created new challenges for cybersecurity leaders in healthcare. In this CISO Brief for June 2025, we take a closer look at the month’s top threats and headline-making events – from the first known AI zero-day exposure in Microsoft 365 Copilot (“EchoLeak”) to […]