What does Living Off the Land (LOTL) mean in cybersecurity?
When a threat actor performs a “Living Off the Land” (LOTL) attack, they use legitimate tools and processes within a system to carry out nefarious activities. Unlike traditional malware, LOTL tactics don't rely on external malicious code; instead, they exploit what's...
Tag: healthcare cybersecurity
Can a decryption key help you avoid a ransom?
Network security admins all have the same fear - Friday afternoon at about 4:30pm, tech support gets a call that a computer is acting strange with files and folders not working properly. Their response to the call reveals a ransom note! But before you consider paying a ransom for a...
5 Healthcare cybersecurity tips for apps and mobile devices
Every healthcare organization, regardless of the devices used, faces the risk of cybersecurity attacks. However, the use of mobile devices and apps can bring the risk of a cyber-attack to another level. Apps and mobile devices are highly effective, affordable, and convenient ways for medical facilities to manage a diverse...
Should You Build or Buy SOC Operations? Partnering with an MSSP
Every organization has unique cyber security risks. You can protect your data from external threats by assessing these risks and creating a security plan. Generally, this process involves either building an internal Security Operations Center (SOC) or partnering with a Managed Security Services Provider (MSSP). What Factors Are Involved with...
Health IT Issues that Deserve a Second Read – October 2021
Fortified Health Security featured in HealthcareNOW Radio.
HIStalk News – 11/5/21
Fortified Health Security hires Jessica Marshall.
The battle to secure healthcare data is taking place behind the scenes
Fortified Health Security featured in HP Enterprise.
Email hack at UMass Memorial Health affects over 200,000 patients
Fortified Health Security featured in Healthcare Business News.
7 Ways to Strengthen Information Security at Your Organization
Fortified Health Security's Dan L. Dodson featured in Chief Healthcare Executive.
HIMSS21: The Daily Show Day 2
Jim Tate and Roberta Mullin were joined at HIMSS21 by Jaime Reynolds, VP of Fortified Health Security.
Pause To Consider: Multi-factor Authentication
With passwords becoming routinely compromised and users frequently concerned with memorizing lengthy and complex passwords, multi-factor authentication or MFA is becoming increasingly popular. However, the implementation of MFA solutions is not always properly executed to maximize efficiency and effectiveness. When implementing MFA, pause to consider: Have you identified the most...
Pause To Consider: Executive Buy-In
Many CISOs and CIOs are constantly fighting for budget dollars and find themselves competing against other strategic initiatives within their organization. Gaining executive buy-in is critical to any successful cybersecurity program and is required to protect patient information adequately. Buy-in throughout the organization is increasingly more critical as the threat...
Pause To Consider: Staffing Issues
Having trouble finding, recruiting, and retaining the right level of cybersecurity talent to support your organization adequately? You can find comfort in the fact that you are not alone, as this challenge is impacting healthcare organizations across the country. Unfortunately, that comfort doesn’t fix your problem; but thinking differently might....
Pause To Consider: Presenting to C-Suite
Many CISOs and CIOs struggle to find the most effective way to present their cybersecurity program to their board. Delivering this message in a meaningful way can prove to be important as your organization manages risks associated with cybersecurity. Pause to consider: Are you providing information about your program in...
Pause To Consider: Generic Usernames
Generic usernames pose an increased risk to digital environments, making them a desirable target for hackers. Most users don't realize that generic usernames such as “administrator, marketing, finance, surgery, and helpdesk” (among others) often have default passwords assigned to them; as a result, they are not often policed or audited...
PAUSE TO CONSIDER: Privileged Access
Improperly managed privileged Active Directory accounts can introduce significant risk to healthcare organizations. There are several types of privileged accounts, including service accounts and administrator accounts. These accounts are valuable targets for attackers due to management difficulties and the level of access they provide. When managing privileged accounts, pause to...
PAUSE TO CONSIDER: Phishing Attacks
Do your job responsibilities include overseeing or maintaining an environment that provides a secure platform for patient data and business resources? If so, you're probably alarmed by the daily headlines outlining phishing attacks that target healthcare industry employees. Pause to consider: Are your workforce members aware of current phishing trends...
PAUSE TO CONSIDER: Monitoring Connected Medical Devices
Due to widespread adoption and a demand to improve patient outcomes, network-connected medical devices are playing a vital role in every health organization. These devices can decrease costs while increasing the quality of care patients receive. Despite the many advantages these devices offer, improper management can introduce significant risk to...
PAUSE TO CONSIDER: SIEM
Many organizations understand the value of capturing and correlating log events from different security platforms and have invested heavily in Security Information and Event Management (SIEM). SIEM technologies allow organizations to combine custom use-cases tailored to their business with distributed threat intelligence and incident management. To get the most out...
PAUSE TO CONSIDER: Passwords
One of the most common ways bad actors gain access to digital environments is by guessing passwords. With so many devices being interconnected, cracking into one device could mean access to several devices, as well as extensive access to sensitive information. It is always a good idea to change your password...
PAUSE TO CONSIDER: Remote Access
How often is remote access evaluated and monitored? In today’s environment, the majority of the healthcare workforce does not need remote access. However, a large segment of remote-access users retains access that they no longer use or need. Unused, open-access accounts need to be disabled. Pause to consider: When was...
PAUSE TO CONSIDER: Security Governance and Compliance Strategy
Many healthcare organizations need a formal process to govern their organization’s security program. A strong security governance and strategy program will better position your organization to respond to changes in technology, regulatory laws, and the ever-changing threat landscape while effectively managing information security and privacy risk to the organization. Pause to...
PAUSE TO CONSIDER: Access and Privileges
Hopefully, by now, your information security team has a defined process in place to remove access or privileges when an employee is terminated or transfers to a new role in your organization. Most of us are quick to disable accounts in Active Directory or email, but do you have a...
PAUSE TO CONSIDER: Workforce Targets
It's no secret that the healthcare industry is highly susceptible to cyber-attacks. However, most executives don't realize that many attacks are directed at what's arguably an organization's weakest link: its workforce. Workforce members and their user accounts are generally targeted via phishing attempts or brute force attacks. Pause to consider:...
PAUSE TO CONSIDER: Vulnerability Threat Management
Vulnerability threat management [VTM] is a key fundamental for compliance with HIPAA. Every healthcare organization should utilize VTM for foundational security management. To set your initiative up for success, pause to consider these essential factors: Are you performing authenticated or non-authenticated scans? Authenticated scans use authenticated user credentials to grant...
PAUSE TO CONSIDER: Evaluating Technologies
We often get so focused on individual tools, technologies, or processes that we don’t step back to evaluate the risk to the organization as a whole. Pause to consider these general questions to see if you’ve accounted for risk in your security program: Are you managing the risk of your...
PAUSE TO CONSIDER: Business Associates
The HHS Office for Civil Rights (OCR) issued new documentation on May 24, 2019 specifying requirements and prohibitions for which Business Associates are directly liable. The OCR is authorized to take enforcement actions against Business Associates for ONLY 10 specific HIPAA violations. Some of these violations may include failure to:...
PAUSE TO CONSIDER: Leveraging Technology
By nature, security technologies often have a broad spectrum of visibility into your devices, usage and environment. Pause to consider the following questions to determine if you’re getting the most value out of your security tools: Are you taking advantage of possible integrations? Security technologies work best when they are...
PAUSE TO CONSIDER: Data Loss Prevention
Data Loss Prevention (DLP) technologies often require a significant time commitment, both for deployment as well as for overall system management. Don't risk costly missteps and wasted resources when assessing potential DLP solutions for your organization. As you evaluate DLP technologies, pause to consider: How will DLP policy violations be...
PAUSE TO CONSIDER: Managing Connected Medical Device Security Program
The critical nature of connected medical devices, coupled with the fact that responsibility for the devices often lies with multiple teams, means managing the security of your connected medical devices requires unique and strategic planning. To ensure your connected medical device program is successful, pause to consider: How to Properly...
PAUSE TO CONSIDER: Managed Security Service Provider
Partnership and engagement are critical in managed service engagements. These relationships differ from an on-demand type relationship, requiring a different approach for success. For these relationships to succeed, and for you to derive value from these engagements, a managed service organization must truly serve as an extension of your team....
PAUSE TO CONSIDER: Connected Medical Devices
Connected medical device security platforms can often provide more value than just security insights. To ensure you're receiving all the value from your connected medical device security platform, pause to consider: Questions to Answer About Managing Connected Medical Devices Are you leveraging visibility provided by your connected medical technology to...
PAUSE TO CONSIDER: Patch Management
Servers are often the last systems to get patched or upgraded, making them an ideal target for cybercriminals on a global scale. Hackers can easily launch a successful cyber attack on a server, exploiting the lack of an updated security system, or even vulnerability patches that have not yet been...
Dan L. Dodson interviewed by Information Security Media Group
Fortified's President, Dan L. Dodson, discusses the state of connected medical device security in the healthcare industry.
Fortified Releases 2018 Horizon Report Detailing Healthcare Cybersecurity
Fortified's 2018 Horizon Report is an extensive paper detailing the current state of cybersecurity in healthcare, threats, and 2018 trend predictions.
Fortified releases Mid-Year Healthcare Cybersecurity Horizon Report
Fortified Health Security releases Healthcare Cybersecurity Mid-Year Horizon Report covering medical device security, ransomware attacks (WannaCry / Petya), and more.
The WannaCry Virus: An Update & Response for Healthcare
News of the WannaCry virus has covered the globe. Here is what the healthcare industry needs to know and how to protect themselves.
What Healthcare Innovations to Expect in 2017
Our response to Healthcare Innovation News' Thought Leaders' Corner question, "What Healthcare Innovations Do You Expect in 2017?"
Healthcare Cybersecurity Predictions for 2017
As seen in Healthcare Business Today, Fortified Health Security's Dan L. Dodson identifies five major cybersecurity trends in 2017 and steps to take today.
How to Protect your Organization from the Biggest Cybersecurity Threats in 2017
Fortified's Dan L. Dodson shares with Becker's Health IT & CIO Report the top steps for organizations to take in 2017 to protect themselves against cybersecurity threats.