CISO Brief: Regulatory Update on the 2026 National Cybersecurity Strategy
The 2026 National Cybersecurity Strategy focuses on deterring geopolitical adversaries, protecting critical infrastructure, accelerating global technological leadership, modernizing federal systems and their private-sector partners, simplifying cyber regulations, and strengthening the cyber workforce. One of the more important signals for healthcare is that hospitals are increasingly being discussed alongside the energy grid, water utilities, and other critical […]
February 2026 CISO Brief: Privacy Deadlines, Clinical Impact, and Persistent Attack Paths
As healthcare organizations move closer to the February 16, 2026, compliance deadline for the updated 42 CFR Part 2 requirements, they are doing so in an environment defined by persistent ransomware activity, slow remediation of known exploited vulnerabilities, expanding clinical attack surfaces, and growing use of unmanaged technologies. This month’s Brief focuses on how these […]
CISO Brief: Cybersecurity Awareness Month 2025
Since the start of 2025, the healthcare sector has continued to experience cyber incidents that have disrupted patient care, exposed millions of records, and reshaped organizational thinking about resilience. Cybersecurity Awareness Month is not just about reminding people of risks; it’s about translating real-world events into actionable lessons. Below is a look back at the […]
Rethinking Your Cybersecurity Budget in Tight Times
For any hospital or health system with a 60%+ percentage of Medicare/Medicaid patients, the upcoming cuts authorized in the Big Beautiful Bill will impact you and your cybersecurity budget. But there are proactive steps you can take to prepare for the reductions coming in 2027. That’s the topic explored in detail in the new Fortified […]
Why Unstructured Data Is a Hidden Risk
When most people think about sensitive data, they picture electronic health records (EHRs), financial databases, or other structured systems. Those are important, but they’re not the whole story. The bigger risk for many organizations — especially in healthcare — sits in unstructured data. Think files, folders, spreadsheets, shared drives, emails, SharePoint, Teams, and cloud storage. […]
August 2025 CISO Brief: Policy, Funding, and the Path Forward
How federal staffing cuts, government restructuring, and Medicaid policy shifts threaten the cybersecurity posture of our healthcare system. In a recent set of Questions for the Record (QFRs), Senator Edward Markey highlighted growing vulnerabilities in the cybersecurity infrastructure supporting the U.S. healthcare system. These questions, submitted to the Senate HELP Committee, signal urgent concern over […]
2025 Mid-Year Horizon Report: Why Now Is the Time to Think Differently
Fortified Health Security just released its biannual 2025 Mid-Year Horizon Report, offering a unique view into what is really happening inside cybersecurity at hospitals, healthcare systems, and their extended digital environments. At the midpoint of 2025, we’re seeing healthcare organizations take cybersecurity more seriously, investing in innovative tools and better frameworks; however, some of the […]
HSCC’S New Framework For Medical Device Security
While many providers assume that it’s the facility’s internal infrastructure that fosters data breaches, the problem frequently lies with the device itself. Currently, the FDA has no federal mandate outlining required device cybersecurity protections. As a result, both legacy and newly introduced medical equipment can pose a significant (and potentially unknown) threat to healthcare facilities […]
What’s Different About Securing PHI?
Cybersecurity and data loss prevention are critical IT components at any organization. Especially in the case of Protected Health Information (PHI). However, for companies that handle protected health information, ramping up network security to prevent a cybersecurity attack requires a heightened sense of urgency. A corporate online security breach can reveal consumer data such as […]
Is Your Healthcare Organization HIPAA Compliant?
For healthcare IT teams across the country, maintaining network security throughout an organization isn’t just about keeping data safe – it’s also about keeping their operations compliant. The medical industry’s rapidly increasing reliance on cloud-based technology and connected medical devices to transmit critical patient data have made cybersecurity issues and data loss prevention efforts top […]