New York-Presbyterian has more than 72,000 medical devices from over 1,400 manufacturers, says CISO Jennings Aske. Given that scale, how can a security leader help ensure device cybersecurity? Aske shares his view of what's needed from manufacturers and the government.
The U.S. Food and Drug Administration issued cybersecurity expectations for manufacturers of medical devices. But ow are those expectations being met, and what is the FDA's ongoing role in improving device security? The FDA's Suzanne Schwartz offers an update.
It's been seven years since Dale Nordenberg, a pediatrician, became involved in the drive to improve medical device security. What progress does he see among manufacturers, government agencies and healthcare providers?
Artificial intelligence can help improve network health by building a "pattern of life" for every device, user and network, says Justin Fier of Darktrace, who explains how to improve network visibility.
The HITRUST Cyber Threat Xchange played a role in making U.S. healthcare organizations aware of the worldwide WannaCry ransomware campaign early enough to help them thwart the threat, says HITRUST's Elie Nasrallah.
Two-factor authentication solutions face two problems: They are not widely adopted, and attackers find them far too easy to crack. What's the answer? New risk-based multifactor solutions, says Jim Wangler of SecureAuth.
Christiana Care Health System, which operates a network of hospitals, is working on several risk management priorities for 2018, including adopting the HITRUST framework, implementing appropriate controls for protecting against emerging threats and phasing in new security technologies, says Anahi Santiago, CISO.
Email, which is too easily spoofed, phished or taken over, remains a leading cybersecurity risk. But finally, after years of pushing, the Domain-based Message Authentication, Reporting and Conformance standard, or DMARC is helping to bolster email security, says Phil Reitinger, CEO of the Global Cyber Alliance.
New research shows that the automation of five key security controls is lacking at a majority of organizations, says Ted Gary of Tenable.
A key reason why: the lack of skilled cybersecurity professionals.
Improving network security requires understanding your environment and controlling it before implementing network segmentation, says Nathaniel Gleicher of Illumio, who explains lessons that can be learned from the Secret Service's approach.
Medical devices are increasingly used by cybercriminals to compromise networks, systems and patient data, says Dr. Jack Lewin of the consultancy Lewin and Associates, who's also chairman of the National Coalition on Health Care. That's why physicians should be advocates for better device security.
The lack of skilled personnel is hampering incident response, but automation can help, says Mike Fowler of DFLabs. Providing responders with "playbooks" for step-by-step incident response processes, for example, is essential, he contends.
Connected medical devices are a significant potential new attack surface that may not be covered by security tools and systems, says Ariel Shuper of Check Point Software Technologies. How can healthcare providers immunize their medical devices against threats before they are compromised?