The CyberPHIx Roundup is your quick source for keeping up with the latest in cybersecurity news, trends and industry leading practices, specifically for the healthcare industry.

In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:

• Major shifts in cyber liability coverages and protections and results from a recently released U.S. Government Office of Accountability (GAO) report
• Scripps Health system network outage continues a month after initial cyberattack
• Russian SolarWinds attackers are back at it with a large spear phishing campaign following a compromise of USAID systems
• Security firm Rapid7 becomes a victim of a software supply chain breach targeting source code
• OCR’s latest settlement details and analysis on the resolution agreement with Peachstate Health Management
• OCR and HHS “wall of shame” aggregate reporting trends for 2021 and analysis of major reported breaches this past month
• U.S. House Committee on Homeland Security advances five new bills to improve cyber defenses

The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends and industry leading practices, specifically for the healthcare industry.

In this special episode, our host Brian Selfridge provides a rundown of the presidential executive order, Improving the Nation’s Cybersecurity, signed by President Biden in May. Also covered is the executive order, America's Supply Chains, signed in February of this year.

The executive order is the second and most comprehensive of two executive orders issued by President Biden on cybersecurity topics this year. Brian provides a summary of the orders and discusses implications for healthcare entities.

Analysis is provided for key topics from the executive order including:

• Enabling the sharing of threat intelligence and protection mechanisms
• Modernizing federal government cybersecurity
• Enhancing software supply chain security
• The establishment of a cyber safety review board
• Standardizing the federal government’s playbook for responding to cybersecurity incidents and vulnerabilities
• Improving detection of cybersecurity vulnerabilities and incidents on federal government networks
• Improving the federal government's investigative and remediation capabilities
• National security systems requirements

The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends and industry leading practices, specifically for the healthcare industry.

In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:

• National emergency declared for Colonial Pipeline ransomware attack; details and implications for healthcare entities
• Analysis of the Cloud Security Alliance Report titled The State of Cloud Security Concerns, Challenges, and Incidents
• CISA’s new guidance for managing supply chain risks, including lessons learned from a historical review of supply chain attacks for the past decade
• CISA/FBI alert on the “FiveHands” ransomware attackers
• A new GDPR EU directive and pending legislation requiring continuous due diligence of third-party vendors
• NIST soliciting comments for updating their guidance on implementation of the HIPAA Security Rule

Who is responsible for cybersecurity? It’s a simple question, but the answer may be more complex than you think.

Listen in to this episode of The CyberPHIx as we sit down with TJ Mann, Chief Information Security Officer at Children's Mercy Hospital in Kansas City.

TJ helps us understand why it takes a cyber village to protect healthcare organizations. We delve into the roles and responsibilities that various stakeholder groups need to play to support and deliver effective information security programs.

Highlights of the discussion include:

• Which specific roles and stakeholders have the greatest impact on cybersecurity program effectiveness
• Healthcare business units that carry the most risk for healthcare entities
• Managing accountability for third-party vendors and shadow IT groups
• The changing role of enterprise risk management in healthcare
• Busting the myth that there is only one kind of end user
• The tension and collaboration between security, internal audit, and compliance functions
• The impact of the remote workforce on security roles and expectations
• The evolution of security leadership and team roles and functions

The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends and industry leading practices, specifically for the healthcare industry.

In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:

• Analysis of Mandiant’s M-Trends 2021 Cyber Attacks and Trends Report and implications for healthcare
• Shifts in threat vectors due to remote work, ransomware focus, and adversary techniques. Teaser: phishing is no longer the top threat vector
• FBI / CISA Alert: Top 5 “favorite” attack methods of the Russian SVR ransomware group targeting healthcare (e.g. Citrix, VMWare, and other specific exploits)
• President Biden’s sanctions and diplomatic pressure on Russia for healthcare cyberattacks
• Breach update: the latest healthcare supply chain breaches and trends with high-risk vendor “categories” like revenue cycle management; CareFirst healthcare payer breach analysis
• $1.5m penalty for the New York DFS cybersecurity regulation and its impact for healthcare entities
• 21st Century Cures Act updates

The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends and industry leading practices, specifically for the healthcare industry.

In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:

• President Biden’s executive order on supply chain risk that calls out healthcare specifically
• Analysis of a claims fraud case in Texas with a troubling scope including intentionally hastening patient deaths
• Highlights from a recent study on increased patient awareness and impact over ransomware and telemedicine breaches
• New UN standards for nation state online behavior and implications for enforcement and deterrents for cyberattacks targeting healthcare
• Macro trends on the momentum of cyberattacks, patient awareness, and countermeasures in national and global theaters

Obtaining enterprise cybersecurity certifications can be a daunting task for those embarking on the process for the first time as well as those that are managing repeat certifications.

Some critical questions emerge: Which certification is the best for my organization? How do I limit the cost, time, and requirements to achieve certification? Will obtaining a healthcare certification make us HIPAA compliant? What else do I need to know to get through the certification process?

Join us for this episode of The CyberPHIx podcast where we speak with Bethany Page Ishii, Director at Meditology Services. Bethany leads Meditology’s healthcare cybersecurity certifications and shares her insights in working to successfully certify countless healthcare entities for more than a decade.

Highlights of the discussion include:

• Overview and adoption levels for cybersecurity certifications in healthcare including SOC 2, HITRUST, ISO, and others
• Common pitfalls that can add time and cost to the certification process
• The role of certifications in addressing major breaches and supply chain risks
• The relationship between HIPAA compliance and security certifications
• How to handle security control gaps and still obtain certifications
• Review of security certifications for individuals and recommendations for healthcare professionals

The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends and industry leading practices, specifically for the healthcare industry.

In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:

• Microsoft’s Exchange email critical exposure for healthcare entities
• New ransomware report cites $20b in losses for healthcare in 2020 alone; details and analysis are provided
• A major hack of over 150,000 security cameras allows external parties to view ICU rooms and other hospital locations
• HIPAA Privacy Rule comment period extensions
• COVID-19 vaccine registration websites getting hit by malware bots

The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends and industry leading practices, specifically for the healthcare industry.

In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:

• UHS announces $67m cost from recent ransomware attack
• OCR HIPAA enforcement rundown for 2021
• Accellion file transfer application supply chain breach and impacts on healthcare
• SolarWinds CEO testimony and analysis on the surprising position taken by the company
• Cyber warfare perspective and predictions for healthcare

What does it mean to be a pragmatic healthcare CISO and how does that differ from pursuing more idealistic, and perhaps unattainable, cybersecurity strategies?  

Join us for this episode of The CyberPHIx as we speak with Mitch Parker, CISO at Indiana University Health. We tap into Mitch’s decades of operational security experience to find out what really works when implementing cybersecurity and compliance programs for healthcare entities.

Highlights of the discussion include:

• Differentiating pragmatic vs. idealistic security leaders and programs
• Realistic and achievable thresholds for typical security domains including vulnerability management, medical device security, phishing protections, and more
• How to identify projects that may not yield expected returns on investment
• Customer service-oriented cybersecurity approaches
• Effective techniques for relationship building and stakeholder management