Evolving the Cybersecurity Landscape

At Fortified Health Security, we know that there are multiple factors that our industry must pay attention to as we look towards building robust cybersecurity programs. One of the most pressing factors is the rapid digitization of healthcare that was happening before the pandemic and is happening at a faster...

Single Sign-On vs. MFA: Do You Know The Difference?

Usernames and passwords are the foundation of user authentication, but these factors are no longer enough to prevent data exposure. As cyber threats become more complex, companies are fighting back through single sign-on and multi-factor authentication. These solutions can strengthen your cybersecurity framework without hindering user experience.  What Is Single...

Kwampirs Trojan Targets Healthcare Industry

In response to the latest attack on the healthcare industry by the cybercriminal group Orangeworm, Fortified Health Security COO William Crank penned a commentary for the Disaster Recovery Journal – the leading industry resource for business continuity professionals covering disaster recovery, crisis management, and risk management. Throughout the article, Crank discusses what...

HIPAA Changes Regarding COVID-19: What Healthcare Organizations Should Know

In light of the COVID-19 pandemic, the Department of Health and Human Services (HHS) and the Office of Civil Rights (OCR) have issued a Limited Waiver of HIPAA Sanctions and Penalties. While HIPAA regulations and protected health information (PHI) protections are still in place, it’s important that healthcare facilities understand...

How to Maintain Cyber Security When Employees Work Remotely

With the spread of Covid-19 around the country, many organizations are sending employees home to work remotely. Doing so can be an essential health and safety precaution. However, remote work comes with additional cybersecurity threats. Here are some key ways that organizations can prioritize network security while employees are dispersed....

Do You Meet HIPAA’s 3 Areas of Security?

As the occurrence of cyber-attacks and data breaches continues to grow, medical providers find themselves tasked with adhering to an ever-increasing litany of HIPAA compliance requirements. Thus, strong cybersecurity program implementation and maintenance should remain a top priority for healthcare facilities of every size across the U.S. This is especially...

Benefits of Continuous HIPAA Analysis

Within the HIPAA Security Rule Administrative Safeguards, requirements include that covered entities “implement policies and procedures to prevent, detect, contain and correct security violations.” This standard requires both Risk Analysis and Risk Management which assist an organization's management in developing protections for confidentiality, integrity, and availability of ePHI within the...

Five Major Cybersecurity Threats to Your System – And How To Protect Against Them

Healthcare facilities continue to combat the threat of cyber attacks within their digital landscapes, forcing IT departments across the globe to continuously adjust their lines of defense against a network security compromise or data breach. The increasing complexity and sophistication of cybercriminal activities mean healthcare organizations must remain vigilant against...

Cybersecurity Reminder: Microsoft Server 2008/R2 & Windows 7 Support Ends January 2020

As a reminder, Microsoft Server 2008/R2 & Windows 7 is coming to an end, and so are its tech support and updates. Microsoft’s reminder announcement poses a significant cybersecurity threat to any healthcare IT infrastructure running on Microsoft Server 2008/R2 & Windows 7: “The specific end of support day for...

Healthcare Security Incident and Event Management (SIEM): An Introduction to Capabilities

As healthcare organizations continue to embrace and rely on a diverse range of technologies to both manage and treat patients, their internal IT and cybersecurity environments continue to become more complex and challenge situational awareness. This rampant surge of innovation utilization is unlikely to change over the next several years...

Designating Number of Connected Medical Devices

Connected medical devices are being used in various capacities to resolve several issues currently plaguing the healthcare industry on a global scale. Once considered peripheral resources, due to new science and innovation, medical devices and Internet of Things (IoT) technologies have now become integrated into the very fabric of most...

How to Recover From a Healthcare Data Breach

Despite the healthcare industry's continuous efforts to minimize cybercriminal activity, cyber attacks continue to make their tumultuous presence known throughout the industry. As a result, medical facilities, providers, and payers have prioritized protecting their digital infrastructure against a data breach. Healthcare organizations are consistently implementing preventative measures such as update...

How A Virtual Information Security Program Revolutionizes Cybersecurity in Your Organization

Despite continuously integrating innovative cybersecurity upgrades and enhancements, the healthcare industry remains a primary target for cyber attacks and data breaches for a myriad of reasons. A medical facility's technology environment contains employee and provider information, financial data, as well as a full spectrum of highly sensitive patient information, all...

How to Conduct an Inventory of Your Medical Devices to Plan for Confident Cybersecurity

Connected medical devices have become an integral part of the patient experience here in the United States. Recent statistics demonstrate that a single hospital room may have, on average, 15-20 medical devices in it, many of them connecting directly into the healthcare facility's IT infrastructure. Beyond the number in each...

HIPAA and Cybersecurity Applied to Medical Devices

Medical devices are increasingly being connected to hospital networks, the internet, patient home networks, and to other medical devices. This broad sharing of information allows physicians to respond to patient needs more quickly and tailor treatment plans based on outputs from medical devices in use. However, these capabilities also increase...

Healthcare Cybersecurity Tips for Apps and Mobile Devices

Every healthcare organization, regardless of the devices used, faces the risk of cybersecurity attacks. However, the use of mobile devices and apps can bring the risk of a cyber-attack to another level.  Apps and mobile devices are highly effective, affordable, and convenient ways for medical facilities to manage a diverse...

6 Recommendations for Taking Your Healthcare Information Management Systems from Compliance to Confidence

Cyber attacks are a regular occurrence throughout the healthcare industry. Unfortunately, not only are data and network security compromises common, they are also costly. A cyberattack can cost the organization $1.4 million in recovery expenses alone on average, including loss of productivity, service disruption, and irreparable reputation damage for medical...

Pause To Consider: Multi-factor Authentication

With passwords becoming routinely compromised and users frequently concerned with memorizing lengthy and complex passwords, multi-factor authentication or MFA is becoming increasingly popular. However, the implementation of MFA solutions is not always properly executed to maximize efficiency and effectiveness. When implementing MFA, pause to consider: Have you identified the most...

Pause To Consider: Executive Buy-In

Many CISOs and CIOs are constantly fighting for budget dollars and find themselves competing against other strategic initiatives within their organization. Gaining executive buy-in is critical to any successful cybersecurity program and is required to protect patient information adequately. Buy-in throughout the organization is increasingly more critical as the threat...

Pause To Consider: Staffing Issues

Having trouble finding, recruiting, and retaining the right level of cybersecurity talent to support your organization adequately? You can find comfort in the fact that you are not alone, as this challenge is impacting healthcare organizations across the country. Unfortunately, that comfort doesn’t fix your problem; but thinking differently might....

Pause To Consider: Presenting to C-Suite

Many CISOs and CIOs struggle to find the most effective way to present their cybersecurity program to their board. Delivering this message in a meaningful way can prove to be important as your organization manages risks associated with cybersecurity. Pause to consider: Are you providing information about your program in...

Pause To Consider: Generic Usernames

Generic usernames pose an increased risk to digital environments, making them a desirable target for hackers. Most users don't realize that generic usernames such as “administrator, marketing, finance, surgery, and helpdesk” (among others) often have default passwords assigned to them; as a result, they are not often policed or audited...

PAUSE TO CONSIDER: Privileged Access

Improperly managed privileged Active Directory accounts can introduce significant risk to healthcare organizations. There are several types of privileged accounts, including service accounts and administrator accounts. These accounts are valuable targets for attackers due to management difficulties and the level of access they provide. When managing privileged accounts, pause to...

PAUSE TO CONSIDER: Phishing Attacks

Do your job responsibilities include overseeing or maintaining an environment that provides a secure platform for patient data and business resources? If so, you're probably alarmed by the daily headlines outlining phishing attacks that target healthcare industry employees. Pause to consider: Are your workforce members aware of current phishing trends...

PAUSE TO CONSIDER: Monitoring Connected Medical Devices

Due to widespread adoption and a demand to improve patient outcomes, network-connected medical devices are playing a vital role in every health organization. These devices can decrease costs while increasing the quality of care patients receive. Despite the many advantages these devices offer, improper management can introduce significant risk to...

PAUSE TO CONSIDER: SIEM

Many organizations understand the value of capturing and correlating log events from different security platforms and have invested heavily in Security Information and Event Management (SIEM). SIEM technologies allow organizations to combine custom use-cases tailored to their business with distributed threat intelligence and incident management. To get the most out...

PAUSE TO CONSIDER: Remote Access

How often is remote access evaluated and monitored? In today’s environment, the majority of the healthcare workforce does not need remote access. However, a large segment of remote-access users retains access that they no longer use or need. Unused, open-access accounts need to be disabled. Pause to consider: When was...

PAUSE TO CONSIDER: Security Governance and Compliance Strategy

Many healthcare organizations need a formal process to govern their organization’s security program. A strong security governance and strategy program will better position your organization to respond to changes in technology, regulatory laws, and the ever-changing threat landscape while effectively managing information security and privacy risk to the organization. Pause to...

PAUSE TO CONSIDER: Workforce Targets

It's no secret that the healthcare industry is highly susceptible to cyber-attacks. However, most executives don't realize that many attacks are directed at what's arguably an organization's weakest link: its workforce. Workforce members and their user accounts are generally targeted via phishing attempts or brute force attacks. Pause to consider:...

PAUSE TO CONSIDER: Vulnerability Threat Management

Vulnerability threat management [VTM] is a key fundamental for compliance with HIPAA.  Every healthcare organization should utilize VTM for foundational security management. To set your initiative up for success, pause to consider these essential factors: Are you performing authenticated or non-authenticated scans? Authenticated scans use authenticated user credentials to grant...

PAUSE TO CONSIDER: Business Associates

The HHS Office for Civil Rights (OCR) issued new documentation on May 24, 2019 specifying requirements and prohibitions for which Business Associates are directly liable. The OCR is authorized to take enforcement actions against Business Associates for ONLY 10 specific HIPAA violations.  Some of these violations may include failure to:...

PAUSE TO CONSIDER: Leveraging Technology

By nature, security technologies often have a broad spectrum of visibility into your devices, usage and environment. Pause to consider the following questions to determine if you’re getting the most value out of your security tools: Are you taking advantage of possible integrations? Security technologies work best when they are...

PAUSE TO CONSIDER: Data Loss Prevention

Data Loss Prevention (DLP) technologies often require a significant time commitment, both for deployment as well as for overall system management. Don't risk costly missteps and wasted resources when assessing potential DLP solutions for your organization. As you evaluate DLP technologies, pause to consider: How will DLP policy violations be...

PAUSE TO CONSIDER: Managing Connected Medical Device Security Program

The critical nature of connected medical devices, coupled with the fact that responsibility for the devices often lies with multiple teams, means managing the security of your connected medical devices requires unique and strategic planning. To ensure your connected medical device program is successful, pause to consider: Have you clearly...

PAUSE TO CONSIDER: Managed Security Service Provider

Partnership and engagement are critical in managed service engagements. These relationships differ from an on-demand type relationship, requiring a different approach for success. For these relationships to succeed, and for you to derive value from these engagements, a managed service organization must truly serve as an extension of your team....

PAUSE TO CONSIDER: Connected Medical Devices

Connected medical device security platforms can often provide more value than just security insights. To ensure you're receiving all the value from your connected medical device security platform, pause to consider: Are you leveraging visibility provided by your connected medical technology to aid in other initiatives? Identifying and protecting medical...

Benefits of a Web Application Firewall for Your Healthcare Organization

Application attacks are on the rise in healthcare organizations across the country. The high demand from both patients and staff to have easy access to records and scheduling has resulted in a growing number of web applications being offered to users. However, as with any technology surge, the increase in...

Maintaining Strong IT Security When Using Medical Devices

Connected medical devices have been around, in various capacities, for the last several decades. However, the current advancements in technology, coupled with Internet of Things (IoT) innovation, have officially and effectively redefined the impact and reliance on these devices throughout the healthcare industry. Seen as an emerging technology and enabler...

Medical Device Security: How to Assess Your Organization’s Readiness in 2019

Medical devices have experienced a significant growth surge over the last several years. Recent statistics indicate that a single hospital room may hold as many as 15-20 devices at any given moment, proving their value as an integral part of the patient care experience. The latest generation of medical devices,...

Cybersecurity Alert: 3 Medical Devices that Might Put You at Risk in 2019

Medical devices are some of the most vital tools for healthcare organizations of every size and scope, impacting the performance (and public perception) of a facility. Practices throughout the country utilize an increasingly wide range of medical equipment to improve care levels as well as stand out as a market...

Health IT: Can You Stay Connected and Avoid Security Risks?

Every year, various advancements in technology make their way into the healthcare industry. From the Internet of Things [IoT] to telemedicine, all of these innovations are changing the way medical institutions deliver care across the world. While many significant benefits come from these modern healthcare innovations, staying connected at all...

Is Your Healthcare Organization in Danger of a Cybersecurity Breach?

Network security and cyber attacks continue to plague healthcare organizations of every size and scope across the US. A recent report, released by the Office for Civil Rights (OCR), showed that over 15 million patient records were compromised in 2018 – a number that's only expected to grow with the surge...

Can You Find and Secure the Sensitive Information in Your Organization’s Network Infrastructure?

All healthcare organizations capture and store sensitive data sets within their IT networks that require extensive protection from unauthorized access or a cyber attack. Unfortunately, many organizations struggle with identifying and safeguarding this information simply because they don't know what qualifies as sensitive data and where such data is located...

Medical Device Security: A New Front In The Cybersecurity War

Medical devices play a vital role in every health organization’s overall performance as well as the quality of care they can provide to patients. Today's state-of-the-art devices deliver a wide range of benefits, including the opportunity for continuous monitoring, telemedicine, and data analytics. Despite the many advantages offered through these...

Five Things Your Healthcare Company Should Do After a Data Breach

Healthcare data breaches have been on the rise in recent years. Medical data is always a big target for cybercriminals as it is much more valuable than personal information alone. Many of these data breaches are considered an outside cyber attack – a lapse in cybersecurity due to a hacker...

Who (And What) Should Have Access to Your Network?

Preventing a data breach or network security lapse is a top priority for healthcare organizations worldwide. The very nature of the devices and data transmitted across every internal system, coupled with a typically (and often, alarmingly) low number of cybersecurity resources makes healthcare environments exceptionally vulnerable to a cyber attack....

A Security Checklist for Healthcare Organizations

Cyber attacks and data breaches are on the rise in virtually every industry that utilizes and stores sensitive information to power its operations. However, the healthcare vertical is often particularly vulnerable to a network security lapse, often finding their data loss prevention efforts powerless against the increasingly sophisticated and complex...

5 Threats to Your Healthcare Organization’s Cybersecurity Posture

No matter what the industry, virtually every business battles the constant threat of a cyber attack on various levels. However, for healthcare organizations, the highly sensitive nature of the information stored throughout their networks makes them a prime target for hackers across the globe. As cybersecurity threats within the vertical...

6 Considerations for HIPAA Compliant Penetration Testing

Strategic and results-driven penetration testing (also known as pen testing) helps healthcare enterprises maintain the highest levels of network security across their entire organization. Often referred to as "ethical hacking," a penetration test examines an organization’s digital enterprise vulnerabilities and assesses those vulnerabilities through the same methods that a real-world...

Fortified Health Security: Is Your Network Vulnerable To Intrusion?

Healthcare organizations across the country suffer from a myriad of network security issues that put their (and their patients') data at risk. Unfortunately, many healthcare administrators don't realize the scope of their cybersecurity vulnerabilities or just how at risk their organization is for a potential data breach – until it's...

5 Things Healthcare Companies Miss When Getting Ready for an Audit

Audit. The mere mention of the word can instantly stir mild to moderate panic throughout even the most diligent healthcare IT department. For a myriad of reasons, most healthcare organizations dread the idea of conducting industry mandated cybersecurity risk assessments. Compliance evaluations are time-consuming, disrupting normal corporate activities and potentially...

Do Your Security Policies Include Your Vendors?

Healthcare organizations recognize the vital urgency of maintaining uncompromised internal network security at all times. Under constant threat of a cyber attack, IT departments at hospitals and providers of every size prioritize cybersecurity practices, making proactive prevention and detection of a data breach a primary goal. Outside Vendors Can Pose...

7 Things Every Healthcare CTO Should Consider When Planning a HIPAA Risk Analysis

The HIPAA Security Rule mandates that healthcare organizations must have the appropriate technical, administrative, and physical safeguards in place to protect the integrity, security, and confidentiality of electronically stored health data against a data breach or cyber attack. To remain compliant with HIPAA regulations, healthcare organizations must conduct an annual...

Healthcare IT: The Biggest Healthcare Spam Threats (And How to Avoid Them)

The practice of spam began innocently enough in 1978 (yes, really), when Gary Thuerk, a marketing associate at Digital Equipment Corporation sent a promotional mass-email to 400 recipients touting the arrival of the company's new T-series of VAX systems. The reaction was swift, fierce, and familiar: unadulterated annoyance. Today, the...

Healthcare IT: Your Essential Guide to Making Email More Secure

Yes, there are countless cybersecurity threats plaguing healthcare networks across the country at any given moment. However, recent reports suggest that many data breaches across any industry specifically occur due to poor email security practices within the company. A 2017 Data Breach Investigations Report indicates that as much as 66%...

Fortified Health Security: What Does It Mean to Be HITRUST-Certified

Healthcare providers across every specialty rely on high-performing technology to both treat and support their patients. Whether it's integrating a cloud-based CRM to automate back office functioning such as appointment scheduling or billing, or incorporating the latest, state-of-the-art connected medical devices into a treatment protocol, innovation is at the very...

How To Triage Your Healthcare IT Security Needs And Stay On Budget

In the healthcare industry, the word "triage" typically refers to a medical process that determines the order in which admitted patients receive treatment. In larger hospitals, triage protocol becomes particularly vital, as hundreds (and potentially even thousands) of patients pursue treatment and care daily. As patients are triaged, medical professionals...

Is Your Healthcare Organization HIPAA Compliant? Check Out Our Guide

For healthcare IT teams across the country, maintaining network security throughout an organization isn't just about keeping data safe – it's also about keeping their operations compliant. The medical industry's rapidly increasing reliance on cloud-based technology and connected medical devices to transmit critical patient data has made cybersecurity issues and...

Healthcare IT: How Often Are You Checking Your Network for Security Risks?

It's official. Healthcare data breaches and cyber attacks have already reared their ugly digital heads in 2019. A recently released HIPAA Journal report demonstrated that, despite a respectable dip in cyber attacks throughout December 2018, January data breach events at healthcare facilities across the country rose to above typical levels....

Human Capital Management: 3 Tips To Insulate Your Organization from the Turnover Epidemic

With IT talent shortages reaching record heights, the healthcare industry is under mounting pressure to not only hire high performing technology employees to manage its mission-critical network security and data loss prevention efforts, but also to retain these staff members once they've joined the team. Unfortunately, successfully retaining high-performing employees...

Fortified Health Security: What You’ll Discover in the 2019 Horizon Report on Connected Medical Devices and Risks

As a leader in healthcare cybersecurity, data loss prevention, and managed services, Fortified Health Security is dedicated to supporting our partners across multiple levels of service. In addition to our hands-on, customized cybersecurity solutions, we also develop and distribute a wide range of industry-relevant resources and materials to help support...

Fortified Health Security: How We Help Clients Leverage Rather than Tolerate Technology

As a leading Managed Security Service Provider (MSSP), Fortified Health Security develops and implements full-scale security information and event management (SIEM) and network security solutions that protect both facility and patient intelligence. However, at Fortified Health Security, maintaining the highest levels of cybersecurity framework standards and best practices isn't enough....

Fortified Health Security: How We Onboard Clients for Lasting IT Security Success

At Fortified Health Security, we understand that the first 90 days of engagement with a new client play a pivotal role in the overall success of our partnership. Make no mistake: as cybersecurity specialists, we prioritize every project phase. We make it our mission to boost data loss prevention and...

Healthcare IT: Can You Accurately Assess Your Healthcare Tech Needs In-House?

The technology needs of any healthcare organization are constantly changing, forcing administrators to continuously reevaluate whether current systems fully support both patient and process needs. There are a myriad of reasons for this. For some healthcare organizations, it's simply a matter of updating obsolete programs to a more advanced and...

Partnering With An IT Security Firm To Solve The #1 HR Problem: Turnover

As the IT Security candidate shortage in the medical industry continues to grow, healthcare administrators find themselves faced with a second staffing crisis: turnover. As companies in every vertical compete for the same dwindling talent pool, the healthcare segment has had to navigate an upswing in turnover amongst their cybersecurity...

Purchasing New Medical Technology? Take These 4 Steps First to Keep Them Secure

Like most innovation-centric industries, the healthcare vertical is undergoing rampant adoption and acceptance of the Internet of Things (IoT) as it strives to improve services, performance, and function. Accelerated leaps in technology have given healthcare executives extensive access to technology designed specifically to improve care levels as well as elevate...

Healthcare IT: How Interoperability Makes Penetration Testing Even More Important

Healthcare organizations within every medical specialty continue to expand, making interoperability a top priority for physicians, providers, and patients. As healthcare facilities' IT systems and digital infrastructures grow, interoperability enables seamless care and coverage, both on an individual and community level. As a result, providers, administrators, and stakeholders find themselves...

Human Capital Management: The Outlook for Retaining Top Talent in 2019

Recent reports have confirmed what healthcare directors and HR specialists have already recognized and painfully experienced firsthand throughout 2018: last year’s cybersecurity job market was rife with hiring gaps, transitions, and disruptions. While the past several years have proven challenging for healthcare organizations looking to staff up their internal network...

How Are IT Risks Different For A Company That Handles Protected Health Information?

As cybersecurity threats and attacks continue to evolve, hackers are consistently turning their attention to the United States healthcare industry. A 2017 report released by the Identity Theft Resource Center showed that, of the total number of data breaches tracked for the year by the organization, the Medical/Healthcare industry came...

HSCC Releases New Framework For Medical Device Security

At Fortified Health Security, we've seen firsthand how the many cybersecurity threats plaguing United States medical devices can impact healthcare facilities and organizations on a national scale. Yes, speed-of-light technology advances have transformed healthcare practices, treatments, and service delivery, exponentially increasing the quality of patient care across virtually every medical...

HIMSS19: What to Expect When Your Team Meets with Fortified Health Security. See us at Booths 2889 and 400-67

As a leading healthcare cybersecurity resource, Fortified Health Security makes staying on top of the latest industry trends and innovations a top priority. For us, attending relevant healthcare events and symposiums is about more than just finding new ways to network with both marketplace leaders and healthcare executives (although we...

Healthcare IT: Facing the Staffing Crisis through an Alternative Approach

IT security within the healthcare industry is currently facing a major staffing crisis. This cybersecurity talent shortage has delivered significant blows throughout virtually every vertical, but the healthcare sector has been hit especially hard. A 2017 report released by the U.S. Department of Health and Human Services noted that the...

Why Working with an MSSP Is Smarter Than Building Your Own Cybersecurity Team

The landscape of cybersecurity is in constant flux. Hackers are continuously developing newer, smarter, and more sophisticated ways to infiltrate network security at companies on a global scale. For healthcare facilities, the increased threat of a cyber attack means ramping up security measures across the entire organization to protect the...

Healthcare IT: Is Your Network Safe and Secure for All Your Connected Medical Devices?

Technology enabled devices within the U.S. healthcare industry continue to grow at the speed-of-light. The emergence of IoT, telemedicine, e-clinical trials, and a myriad of other digital medical technologies are directly impacting how care is both delivered and received on a global basis. Great news, right? Yes and no. While...

Five Tips for Protecting Your IoT-enabled Medical Devices

Research shows us that security breaches can greatly impact a healthcare organization’s reputation. Unfortunately, healthcare leaders are stuck in the cross hairs of consumers and hackers. While consumers want transparency, access to information and assurance their personal information will remain safe, hackers are busy compromising patient information at a faster...

HIMSS Takeaways for 2018

Customer Experience, Protecting IoT and Connected Medical Devices, and Clinical Engineering + HIT are top areas of discussion at the recent HIMSS conference.

Can We Overcome Human Error in Cybersecurity?

Healthcare is taking steps to address the human elements in cybersecurity, including beefed up security awareness training for all employees. But the unique conditions of a healthcare workplace make it difficult to achieve alignment on security policy. Here are a few guidelines to help reduce exposure and mitigate the impact...

Why National Cybersecurity Awareness Month Matters

National Cyber Security Awareness Month reminds us that hospitals and health systems are custodians of precious patient information, and they have a clinical, ethical and legal obligation to keep data safe and secure. Amidst the daily blocking and tackling of cyber security, the annual event reinforces our commitment to helping...