4 Security Lessons to Look for At HIMSS 2022

When I look at what topics are going to be trending at the upcoming HIMSS 2022 conference in Orlando, healthcare security lands in my top 2 topics.  While some may feel that the topic of security is getting old (and in some ways it is), the number of ransomware attacks, the increasing attack surface, and the risks to healthcare organizations have made security top of mind for every healthcare organization.

When I was talking with Fortinet about their plans for the HIMSS conference (find them in Booth #1369), I realized that there were a number of security lessons those attending the conference could learn by talking with healthcare security companies like Fortinet.  Here are my top 4 security lessons:

Understanding Current Cyber Security Events

When you’re busy working the day job, it’s hard to keep up with all the latest cyber security events.  The good news when you visit with a Fortinet security expert is that they’re staying up on all the latest news and threats.  It’s important to know how the threat landscape is changing, and talking with security experts at HIMSS can help you get up to speed on the latest security events.  More importantly, you can understand how those security events are impacting healthcare and what you should be doing to make sure your organization is protected.

Best Practices to Protect Against Ransomware

If you don’t think your organization is at risk for a ransomware incident, then it’s time to pull your head out of the sand.  HIMSS will have many people who have had firsthand experiences with ransomware.  Learning from them will be valuable to help you know what best practices you should be implementing at your organization to minimize your risk for ransomware.  We know no system is foolproof, but everyone sleeps better at night when you’ve made an effort to minimize the risk based on best practices and other organizations’ experience.

Organizational Incident Response

In some ways connected to the previous item on ransomware, HIMSS is a great time to learn how your organization should respond to an incident.  It feels almost trite to say this now, but every security person knows that it’s not a question of if, but a question of when your organization will be breached.  Your incident response should include the right mix of technology to help you identify the problem and the organizational processes needed when an incident occurs.

Identify Foundational Security Elements

Time flies when you’re having fun, but it also flies when it comes to the evolution of security technology.  HIMSS is a great time to talk with vendors and other security professionals to understand what security elements have become foundational to a healthcare organization’s security posture.  Once you’ve identified these elements, you can do an audit of your own security posture to understand where you may be falling short.

When I talked to Fortinet, they now describe their approach as a network security fabric that provides a comprehensive security platform.  This platform secures clinicians and devices anywhere utilizing Security Driven Networking, SASE, Zero Trust, and Security Operations Technologies across the healthcare ecosystem.  How comprehensive is your security infrastructure?

If you want to start diving into these 4 security lessons at HIMSS, schedule a meeting with the security professionals at Fortinet or stop by the Fortinet HIMSS Booth #1369.  They have a great understanding of the healthcare security landscape and how you can improve your security efforts.  Word on the street is they’re going to have a really cool game you can play in their booth too.

Fortinet also has two HIMSS22 Lunch & Learn sessions: Healthcare Connected Medical Devices Threats and Best Practices to Mitigate Risk and Top 7 Threats and Challenges for Pharmaceutical and BioTech Companies in 2022.  Click the link to learn more and register (Note: Registration Closed).

About the author

John Lynn

John Lynn is the Founder of HealthcareScene.com, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference, EXPO.health, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.

1 Comment

  • Hi John. I’ve been assisting ophthalmology practices with the Security Risk Assessment for about 8 years. When asked about reporting that it was done, it turns out that there is only a check box. If cybersecurity, ransomware and the like are hot topics, why is accountability and the demonstration of compliance nearly non-existent? Why should practices just copy and paste from one year to the next and save themselves money? Why should they maintain documentation that no one looks for, unless an audit occurs (and how often is that?)? Working with them has been great and it’s highly frustrating when they see breaches being fined and yet non-compliance or documentation of changes in risk response being overlooked.

