Evolving the Cybersecurity Landscape

At Fortified Health Security, we know that there are multiple factors that our industry must pay attention to as we look towards building robust cybersecurity programs. One of the most pressing factors is the rapid digitization of healthcare that was happening before the pandemic and is happening at a faster...

Pause To Consider: Multi-factor Authentication

With passwords becoming routinely compromised and users frequently concerned with memorizing lengthy and complex passwords, multi-factor authentication or MFA is becoming increasingly popular. However, the implementation of MFA solutions is not always properly executed to maximize efficiency and effectiveness. When implementing MFA, pause to consider: Have you identified the most...

Pause To Consider: Executive Buy-In

Many CISOs and CIOs are constantly fighting for budget dollars and find themselves competing against other strategic initiatives within their organization. Gaining executive buy-in is critical to any successful cybersecurity program and is required to protect patient information adequately. Buy-in throughout the organization is increasingly more critical as the threat...

Pause To Consider: Staffing Issues

Having trouble finding, recruiting, and retaining the right level of cybersecurity talent to support your organization adequately? You can find comfort in the fact that you are not alone, as this challenge is impacting healthcare organizations across the country. Unfortunately, that comfort doesn’t fix your problem; but thinking differently might....

Pause To Consider: Presenting to C-Suite

Many CISOs and CIOs struggle to find the most effective way to present their cybersecurity program to their board. Delivering this message in a meaningful way can prove to be important as your organization manages risks associated with cybersecurity. Pause to consider: Are you providing information about your program in...

Pause To Consider: Generic Usernames

Generic usernames pose an increased risk to digital environments, making them a desirable target for hackers. Most users don't realize that generic usernames such as “administrator, marketing, finance, surgery, and helpdesk” (among others) often have default passwords assigned to them; as a result, they are not often policed or audited...

PAUSE TO CONSIDER: Privileged Access

Improperly managed privileged Active Directory accounts can introduce significant risk to healthcare organizations. There are several types of privileged accounts, including service accounts and administrator accounts. These accounts are valuable targets for attackers due to management difficulties and the level of access they provide. When managing privileged accounts, pause to...

PAUSE TO CONSIDER: Phishing Attacks

Do your job responsibilities include overseeing or maintaining an environment that provides a secure platform for patient data and business resources? If so, you're probably alarmed by the daily headlines outlining phishing attacks that target healthcare industry employees. Pause to consider: Are your workforce members aware of current phishing trends...

PAUSE TO CONSIDER: Monitoring Connected Medical Devices

Due to widespread adoption and a demand to improve patient outcomes, network-connected medical devices are playing a vital role in every health organization. These devices can decrease costs while increasing the quality of care patients receive. Despite the many advantages these devices offer, improper management can introduce significant risk to...

PAUSE TO CONSIDER: SIEM

Many organizations understand the value of capturing and correlating log events from different security platforms and have invested heavily in Security Information and Event Management (SIEM). SIEM technologies allow organizations to combine custom use-cases tailored to their business with distributed threat intelligence and incident management. To get the most out...

PAUSE TO CONSIDER: Remote Access

How often is remote access evaluated and monitored? In today’s environment, the majority of the healthcare workforce does not need remote access. However, a large segment of remote-access users retains access that they no longer use or need. Unused, open-access accounts need to be disabled. Pause to consider: When was...

PAUSE TO CONSIDER: Security Governance and Compliance Strategy

Many healthcare organizations need a formal process to govern their organization’s security program. A strong security governance and strategy program will better position your organization to respond to changes in technology, regulatory laws, and the ever-changing threat landscape while effectively managing information security and privacy risk to the organization. Pause to...

PAUSE TO CONSIDER: Workforce Targets

It's no secret that the healthcare industry is highly susceptible to cyber-attacks. However, most executives don't realize that many attacks are directed at what's arguably an organization's weakest link: its workforce. Workforce members and their user accounts are generally targeted via phishing attempts or brute force attacks. Pause to consider:...

PAUSE TO CONSIDER: Vulnerability Threat Management

Vulnerability threat management [VTM] is a key fundamental for compliance with HIPAA.  Every healthcare organization should utilize VTM for foundational security management. To set your initiative up for success, pause to consider these essential factors: Are you performing authenticated or non-authenticated scans? Authenticated scans use authenticated user credentials to grant...

PAUSE TO CONSIDER: Business Associates

The HHS Office for Civil Rights (OCR) issued new documentation on May 24, 2019 specifying requirements and prohibitions for which Business Associates are directly liable. The OCR is authorized to take enforcement actions against Business Associates for ONLY 10 specific HIPAA violations.  Some of these violations may include failure to:...

PAUSE TO CONSIDER: Leveraging Technology

By nature, security technologies often have a broad spectrum of visibility into your devices, usage and environment. Pause to consider the following questions to determine if you’re getting the most value out of your security tools: Are you taking advantage of possible integrations? Security technologies work best when they are...

PAUSE TO CONSIDER: Data Loss Prevention

Data Loss Prevention (DLP) technologies often require a significant time commitment, both for deployment as well as for overall system management. Don't risk costly missteps and wasted resources when assessing potential DLP solutions for your organization. As you evaluate DLP technologies, pause to consider: How will DLP policy violations be...

PAUSE TO CONSIDER: Managing Connected Medical Device Security Program

The critical nature of connected medical devices, coupled with the fact that responsibility for the devices often lies with multiple teams, means managing the security of your connected medical devices requires unique and strategic planning. To ensure your connected medical device program is successful, pause to consider: Have you clearly...

PAUSE TO CONSIDER: Managed Security Service Provider

Partnership and engagement are critical in managed service engagements. These relationships differ from an on-demand type relationship, requiring a different approach for success. For these relationships to succeed, and for you to derive value from these engagements, a managed service organization must truly serve as an extension of your team....

PAUSE TO CONSIDER: Connected Medical Devices

Connected medical device security platforms can often provide more value than just security insights. To ensure you're receiving all the value from your connected medical device security platform, pause to consider: Are you leveraging visibility provided by your connected medical technology to aid in other initiatives? Identifying and protecting medical...