Recent research shows that 99%* of healthcare organizations run medical systems with at least one device containing a CISA Known Exploited Vulnerability (KEV) in their environment.
At the same time, 50%* of organizations are investing in vulnerability tools, yet remediation across OT and clinical environments still takes days or weeks. The gap between “thousands of findings” and “what do we fix this week” is where cybersecurity risks live.
In this session, you will see how CISA Known Exploited Vulnerabilities (KEVs) and first-seen dates help you find what matters most, patch efficiently, and demonstrate measurable progress that reassures leadership and builds trust.
You’ll Learn:
- Effective approaches to turn noisy scan data into a focused patching plan for your team
- How to use CISA KEVs to decide what gets patched first, and what can wait
- Build clear, defensible SLAs and metrics that answer board and cyber insurer questions without needing a translator
About the presenters
Brandon Crawford
Manager, Vulnerability Threat Management
Fortified Health Security
Brandon Crawford is a cybersecurity leader with more than 20 years of experience securing complex technical environments, with a strong focus on healthcare. He has built and led patch and vulnerability management programs for Indian Health Services, major health systems across the country, and more than 400 hospitals overall. Brandon’s background also includes advising high-security federal environments, including the Department of Defense, Department of Homeland Security, FBI, CIA, Department of Transportation, and the U.S. Department of the Interior, where he is known for turning complex risk into clear, actionable guidance.
T.J. Ramsey
Senior Director, Threat Operations
Fortified Health Security
T.J. Ramsey is a seasoned IT security professional with more than 18 years of experience in healthcare and defense intelligence. He served as a U.S. Army Military Intelligence Analyst for the Department of Defense and held security roles at Obsidian Solutions Group and SAIC/Leidos. T.J. has shared his cybersecurity expertise in publications such as TechTarget and Chief Healthcare Executive, and has presented at industry events, including Health Connect Partners (HCP), CHIME, and THIMA.