Recent research shows that 99%* of healthcare organizations run medical systems with at least one device containing a CISA Known Exploited Vulnerability (KEV) in their environment.
At the same time, 50%* of organizations are investing in vulnerability tools, yet remediation across OT and clinical environments still takes days or weeks. The gap between “thousands of findings” and “what do we fix this week” is where cybersecurity risks live.
In this session, you will see how CISA Known Exploited Vulnerabilities (KEVs) and first-seen dates help you find what matters most, patch efficiently, and demonstrate measurable progress that reassures leadership and builds trust.
You’ll Learn:
- Effective approaches to turn noisy scan data into a focused patching plan for your team
- How to use CISA KEVs to decide what gets patched first, and what can wait
- Build clear, defensible SLAs and metrics that answer board and cyber insurer questions without needing a translator
About the presenters
Brandon Crawford
Manager, Vulnerability Threat Management
Fortified Health Security
T.J. Ramsey
Senior Director, Threat Operations
Fortified Health Security
T.J. Ramsey is a seasoned IT security professional with more than 18 years of experience in healthcare and defense intelligence. He served as a U.S. Army Military Intelligence Analyst for the Department of Defense and held security roles at Obsidian Solutions Group and SAIC/Leidos. T.J. has shared his cybersecurity expertise in publications such as TechTarget and Chief Healthcare Executive, and has presented at industry events, including Health Connect Partners (HCP), CHIME, and THIMA.