HealthcareInfoSecurity Executive Editor Marianne Kolbasuk McGee reflects on the just-concluded Healthcare Security Summit in New York in the latest edition of the ISMG Security Report. Also, PCI Security Standards Council CTO Troy Leach addresses ransomware risks.

A report on new White House rules on when to disclose cybersecurity vulnerabilities to software vendors leads the latest edition of the ISMG Security Report. Also, storing passcodes in clothing.

The healthcare sector should consider adopting cybersecurity best practices implemented in the financial sector, especially those related to supply chain security and information sharing on cyberattacks, says security expert Greg Garcia.

In the year ahead, cyber threats to the healthcare sector will continue to evolve from attacks primarily involving the theft of health data to assaults aimed at disrupting organizations' operations, predicts Sean Murphy, CISO of health insurer Premera Blue Cross.

The PCI Security Standards Council is creating a payments software framework, including two new standards that can evolve as the software rapidly changes, Troy Leach, the council's CTO, explains in this in-depth interview.

The latest ISMG Security Reports leads with a top DHS cybersecurity leader, Jeanette Manfra, providing a case study on how information sharing helped mitigate the WannaCry attack in the U.S. Also, the SEC mulls toughening its cyber risk reporting requirements.

Dr. Suzanne Schwartz of the FDA clears up some myths and misunderstandings about medical device security in an in-depth interview. She'll be a featured speaker at Information Security Media Group's Healthcare Security Summit, to be held Nov. 14-15 in New York.

A report on the head of Equifax contending that his company - not individual consumers - owns the personally identifiable information the credit reporting agency markets to lenders leads the latest version of the ISMG Security Report. Also, a preview of the ISMG Healthcare Security Summit.

The success of any security initiative comes down to one crucial element: an educated, engaged workforce. And that requires an effective security awareness program, says Mark Eggleston, chief information security and privacy officer at Health Partners Plans. But how can you tell if your program is working?

Security practitioners must do a much better job of prioritizing their investments based on the most significant risks their organizations face, says Zulfikar Ramzan, chief technology officer at RSA, who offers insights on "fighting the right battle."