FOCUS ON CYBERSECURITY

Cybersecurity strategy: Hackers have one, do you?

Weaponized malware, hackers holding data hostage, social engineering and spearphishing campaigns — those are just the basic attack types common today. Hospitals also have to safeguard against the next big threat to health data when there’s literally no way to know what it will look like or when it might come.

During October, we talk to infosec executives and experts about the problems and practical steps to securing sensitive data, advice about what to do (and what not to do) during and after a security incident, and a look at emerging trends, such as analytics and evidence-based security that hospitals should know about.

What you need to know

cybersecurity infosec
News

Focus on cybersecurity: 5 things we learned this month

Synthetic ID theft, infosec dashboards, the real weakest link and more factored into the security...
By Tom Sullivan |
October 30, 2018
breach medical identity theft
News

The real victim in health data breaches? Patients' medical identities

Hackers can perform synthetic identify theft long after a cybersecurity event by piecing together...
By Jessica Davis |
October 29, 2018
Cybersecurity vulnerability patch management
News

Cybersecurity checkup: Healthcare rapidly closing flaws, but employees pose threat

Veracode found that the healthcare and retail sectors are reducing risk the fastest among other...
By Jessica Davis |
October 26, 2018
Cloud security illustration.
News

Why healthcare data may be more secure with cloud computing

But like with most things in healthcare, organizations need to keep following up after choosing the...
By Jonah Comstock |
October 26, 2018
infosec leader with network infrastructure
News

Poll: How is your cybersecurity posture?

Take our quick survey, and we'll report on the results, so you can get a sense of what your...
By Healthcare IT News |
October 26, 2018
Staff monitoring security.
News

A CIO guide to building a dashboard for cybersecurity

KPIs, metrics and other must-haves hospitals should track continuously to protect medical and...
By Bill Siwicki |
October 23, 2018
Workers looking at an analytics dashboard.
News

How to build a security dashboard for startups

Infosec experts share advice about what innovators should track, security-wise, when building new...
By Laura Lovett |
October 23, 2018
Worker looking at an analytics dashboard.
News

CFOs guide to building a cybersecurity dashboard

Password strength, multiple tabs and SOC audits are some of the means by which healthcare providers...
By Jeff Lagasse |
October 23, 2018
Man working in server room.
News

Can't afford a security chief? Here are the alternatives

Hospitals and medical groups with limited security resources still have leadership options in...
By Susan Morse |
October 22, 2018
Cloud security illustration.
News

Why healthcare data may be more secure with cloud computing

But like with most things in healthcare, organizations need to keep following up after choosing the...
By Jonah Comstock |
October 26, 2018
FDA and Homeland Security signs.
News

FDA, DHS to increase collaboration on medical device security and framework

While the two federal agencies have worked together on vulnerability disclosures in the past, a new...
By Jessica Davis |
October 17, 2018
Doctor texting.
News

HIPAA lets providers text patients, but is it secure?

As texting between patients and providers becomes more common, it’s imperative that providers...
By Laura Lovett |
October 17, 2018
News

How to build an effective cybersecurity strategy on a tight budget

Basic building blocks of a good information security plan can be found at lower costs than many...
By Beth Jones Sanborn |
October 15, 2018
cardiac implant xray
News

Medical device vendor disables internet updates over hacking risk, FDA alerts

The Food and Drug Administration issued a cybersecurity alert on two Medtronic devices that could...
By Jessica Davis |
October 12, 2018
Anahi Santiago, Heather Roszkowski and Cris Ewell.
News

CISOs offer insights into patch management strategies

Keeping software up to date without disrupting care delivery requires a plan for regular patching...
By Mike Miliard |
October 11, 2018
News

Securing legacy medical devices is daunting – but not optional

Skipping out on comprehensive device documentation and risk assessment will cripple an organization...
By Dave Muoio |
October 11, 2018
HIPAA complaince audit form
News

HIPAA and data sharing: Rethinking both for the Digital Age

As HIPAA was written when most providers still used paper charts, the framework today has plenty of...
By Corinne Smith |
October 10, 2018
man pointing at a computer screen with phone in hand
News

HITRUST kicks off program to give security support to startups

HITRUST launched a security program to help start-up companies bolster their privacy and security...
By Jessica Davis |
October 10, 2018
man working on server stacks
News

How to flip a cybersecurity event around to get more resources, infosec talent

Security experts share insights about crafting lessons learned plans to obtain more resources...
By Tom Sullivan |
October 08, 2018
doctor with patient looking at tablet health record
News

GDPR four months in – what has changed?

As compliance continues to be a point of concern, we take a look at the implications of GDPR for UK...
By Leontina Postelnicu |
October 08, 2018
Christian Dameff speaking on stage
News

Medical device security: How to find the cyberattack hiding from view

The healthcare sector is well-aware that medical devices are vulnerable, but it’s hard to...
By Jessica Davis |
October 05, 2018
Dan Constantino speaking to HIMSS TV
News

Evidence-based security: Using data and analytics to protect health information

Penn Medicine CISO Dan Costantino outlines the steps to gathering information so you can plan...
By Dan Costantino |
October 04, 2018
News

BlackBerry launches Spark platform for secure connectivity, announces healthcare security products

BlackBerry' new healthcare-related security products include a blockchain system for medical...
By Laura Lovett |
October 04, 2018
computer login screen
News

Ethical hacking: What to look for in a pen tester

Simulated attacks on a healthcare organization can help infosec leaders assess their security...
By Jessica Davis |
October 03, 2018
10 health tech hazards graphic
News

Cybersecurity tops ECRI's list of Top 10 Health Technology Hazards

The prospect of hackers gaining access to remote access to networked IT systems and connected...
By Mike Miliard |
October 03, 2018
administrator login screen
News

Focus on Cybersecurity: 3 charts take a pulse of infosec today

New HIMSS Media research outlines hospitals’ top security concerns, ranks ways they’re...
By Tom Sullivan |
October 01, 2018
collage of photos about security breaches
News

How not to handle a data breach brought to you by Uber, Equifax and many others

As seen with Nuance and the Allscripts lawsuit, when a breach or cyber incident occurs – like...
By Jessica Davis |
October 01, 2018

Healthcare Security Forum

Jane Harper
Video

Build security best practices like a marriage

Jane Harper, Director Privacy & Security Risk Management at Henry Ford Health System, discusses...
By HIMSS TV |
October 30, 2018
News

Consumerism driving hospitals to break down cybersecurity boundaries

It starts with hiring "hardcore cloud animals," to change the culture and rethink infosec...
By Tom Sullivan |
October 19, 2018
Theresa Payton, CEO of Fortalice Solutions
News

Debunking the cybersecurity thought that humans are the weakest link

Experts at the HIMSS Healthcare Security Forum said the next phase of infosec should be to secure...
By Tom Sullivan |
October 15, 2018
HIMSS Security Forum Leadership Panel
News

Healthcare infosec leaders rank security posture, maturity just 'average'

While healthcare organizations are better understanding and investing in cybersecurity needs,...
By Jessica Davis |
October 16, 2018
Darren Lacey talking to HIMSS TV
Video

Trust is key with healthcare information security, technology

Johns Hopkins Medicine CISO Darren Lacey shares his thoughts on the sector’s inherent...
By HIMSS TV |
October 17, 2018
Christian Dameff speaking to HIMSS TV
Video

Medical device vulnerabilities will impact patient safety, infrastructure

Despite the healthcare sector’s awareness of medical device flaws, many are still focused on...
By HIMSS TV |
October 17, 2018
Chad Wilson talking to HIMSS TV
Video

Balancing access and usability with security is top priority for hospitals

Chad Wilson, director of information security at Children’s National, explains how timely...
By HIMSS TV |
October 16, 2018
Theresa Payton talking to HIMSS TV
Video

Cybersecurity segmentation strategy mitigates digital disasters

Theresa Payton, president and CEO of Fortalice Solutions, explains how to avoid digital disasters...
By HIMSS TV |
October 16, 2018
Brian Selfridge talks to HIMSS TV
Video

Cybersecurity program ideal? Map NIST, HITRUST and other cybersecurity frameworks together

Brian Selfridge, partner at IT Risk Management for Meditology, also explains the evolving role of...
By HIMSS TV |
October 17, 2018
Kirk Lippold talking to HIMSS TV
Video

Executives faced with crisis need intellectual honesty from all levels

Kirk Lippold, commander of United States Navy (RET), explains how intellectual honesty requires a...
By HIMSS TV |
October 18, 2018

Cyber Insurance

man under two umbrellas
News

You’ve been breached, so what does that mean with cyber insurance?

The final chapter in our cyber insurance series outlines the legal considerations after a breach,...
By Jessica Davis |
October 24, 2018
computer screen with data breach
News

Cyber Insurance Series, Part 1: What you need to know

Part one of our cyber insurance series focuses on cyber policies and how organizations need to do...
By Jessica Davis |
October 02, 2018
illustration of man holding red umbrella
News

Key to cyber insurance process is finding the right broker

Part two of our cyber insurance series highlights the need for healthcare organizations to compare...
By Jessica Davis |
October 09, 2018
illustration of man holding red umbrella
News

Policy mistakes to avoid when choosing cyber insurance

Part three in our cyber insurance series highlights red flags and common mistakes to avoid when...
By Jessica Davis |
October 16, 2018
man under two umbrellas
News

You’ve been breached, so what does that mean with cyber insurance?

The final chapter in our cyber insurance series outlines the legal considerations after a breach,...
By Jessica Davis |
October 24, 2018

HIMSS LEARNING CENTER

Upcoming Webinars / Webinar

Ask the Healthcare Industry: Phishing is a Pain

A third of all breaches target healthcare companies. If you're in healthcare, or any other...
October 10, 2018
Upcoming Webinars / Webinar

The Future of Medicine: Protecting Privacy Without Impacting Quality of Care

How do you ensure ease of access to patient records in a timely manner without compromising privacy...
By Okta |
October 11, 2018
Upcoming Webinars / Webinar

Compliance as Code: Automate Compliance Using Open Source Technology

This session will review the OpenSCAP compliance as code offering and how to automate your...
October 30, 2018

ACTIVE THREATS

Ryuk ransomware
News

HHS HCCIC cybersecurity alert: New Ryuk ransomware quickly racking up damage

Similar to the notorious SamSam variant that has wreaked havoc on the healthcare sector, the new...
By Jessica Davis |
September 05, 2018
Screensnaps of Whats App, iMessage and Facebook Messenger
News

Facebook Messenger, WhatsApp, iMessage use at UK NHS adds new security concerns

Although the health system has been repeatedly dinged for lax security practices, most NHS...
By Mike Miliard |
August 29, 2018
Fax machines can breach a network
News

Fax machines can be hacked to breach a network, using only its number

While CMS Administrator Seema Verma called for the end of fax machine use by 2020, new Check Point...
By Jessica Davis |
August 15, 2018
email login on user screen
News

Cybersecurity pros share countermeasures for protecting against insider threats

Active training via simulated phishing, progressive disciplinary measures, disabling hyperlinks and...
By Bill Siwicki |
August 07, 2018
Homeland Security warns of spike in ERP system attacks
News

Homeland Security warns of spike in ERP system attacks

The web-based applications are designed to help organizations manage finances, HR issues and more...
By Jessica Davis |
July 26, 2018
RDP backdoors for $10 to hack into healthcare systems
News

RDP backdoors cost just $10 on dark web: How to avoid getting hacked

With access to hacked machines cheaply available and thousands of new ports being added daily, it...
By Jessica Davis |
July 25, 2018
GandCrab ransomware variant targeting legacy systems
News

GandCrab ransomware variant targeting legacy systems: What you need to know

The newest variant of the prolific ransomware forms this year has been updated to include a stolen...
By Jessica Davis |
July 12, 2018
ransomware lock screen for users
News

SamSam ransomware hackers bank $6 million and counting from victims

What experts are saying hospitals can do now to avoid falling prey to the ransomware as hackers...
By Jessica Davis |
August 03, 2018

Thought leaders on HIMSS TV

Healthcare Security Forum presenters talk about preventing medical device hacks
Video

Presentation: Dissecting the anatomy of a medical device hack

Jeff Tully, security researcher at the UC Davis, and Christian Dameff, emergency medical doctor at...
By HIMSS TV |
August 13, 2018
Jane Harper of Henry Ford Health System talks about security risk management at Healthcare Security Forum
Video

Presentation: 'Trust but verify' must be your guiding principle

Jane Harper, director of privacy and security risk management at Henry Ford Health System,...
By HIMSS TV |
July 12, 2018
Anahi Santiago, CISO and Christiana Care Health System talking at Healthcare Security Forum in San Francisco
Video

Presentation: Agile security for the modern healthcare organization

Anahi Santiago, CISO and Christiana Care Health System, discusses strategies healthcare companies...
By HIMSS TV |
August 02, 2018
Allyson Vicars of Advisory Board talks about security at Healthcare Security Forum
Video

Presentation: Building an enterprise approach to mitigating risk

Allyson Vicars, associate director of health IT research at the Advisory Board, give a deep...
By HIMSS TV |
July 13, 2018
Lee Kim of HIMSS Analytics talks about cybersecurity with HIMSS TV
Video

Presentation: A look at healthcare security, now and for the future

Lee Kim, director of privacy and security at HIMSS, gives a comprehensive overview of the threats,...
By HIMSS TV |
July 12, 2018
Michael Archuleta of Mt. San Rafael Hospital talks about data risk at Healthcare Security Forum
Video

Presentation: Managing today's healthcare information explosion

Michael Archuleta, CIO and HIPAA and information security officer at Mt. San Rafael Hospital, takes...
By HIMSS TV |
July 13, 2018

Cybersecurity Investments

underinvesting in cybersecurity can cost you a lot per patient record
News

Still underinvesting in cybersecurity? It'll cost you $408 per patient record

A breach in financial services, the second most expensive sector, costs only half of what hospitals...
By Jessica Davis |
July 13, 2018
Hospitals investing big in clinical communications with secure texting
News

Hospitals investing big in clinical communications as secure texting gains traction

Health system executives are convinced that mobile technology improves patient safety, but are...
By Mike Miliard |
June 11, 2018

Other special projects

The biggest healthcare data breaches of 2018 (so far)

The next-generation of healthcare tech

Healthcare innovation solving problems and improving the patient experience