
    About this Episode

    The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. 

    In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week: 

    • Deep dive into new CISA Cybersecurity Performance Goals (CPGs) for healthcare and critical infrastructure 
    • NSA releases new “hacker’s playbook” for operational technology (OT) cyberattacks 
    • American Hospital Association (AHA) endorses the Healthcare Cybersecurity Act draft bill 
    • Gramm-Leach-Bliley Act (GLBA) amendments, effective this December, that may bring healthcare into scope for GLBA security requirements and enforcement 
    • Massive ransomware outage for CommonSpirit Health impacting over 142 hospitals and the Epic MyChart EHR platform 
    • Advances in quantum computing for encryption and the potential for “Q-day” events that could expose all encrypted data to unauthorized decryption 
    • HHS warns that attackers are abusing common security and system administration tools 
    • CISA alert about Daixin Team ransomware gang targeting healthcare PACS environments via VPN and RDP attacks 
    • New stats and guidance on public cloud security trends and recommendations 

    Recent Episodes from The CyberPHIx: Meditology Services Podcast

    Artificial Intelligence: Use Cases and Cybersecurity & Privacy Implications in Healthcare

    Join us for this episode of The CyberPHIx podcast, where we hear from Morgan Hague. 

    Morgan is the manager of IT Risk Management at Meditology Services and has been in the industry for nearly a decade. He has worked with hundreds of organizations in an advisory capacity helping to assess or audit security functions to drive program maturity. He also leads Meditology’s strategic risk management consulting service line and is a subject matter expert in threat mitigation and risk program development. 

    Topics covered in this session include:  

    • A deep dive into the emerging use cases for AI in the healthcare setting
    • The risks related to AI that defenders need to be aware of and how real and relevant those risks are in the current state
    • Data Poisoning, Input Manipulation, Membership Inference & Model Inversion
    • AI-driven attacks and human security risks
    • Privacy concerns with the use of AI
    • New regulations coming online that directly affect the use of AI
    • Controls we should be considering for AI
    • Frameworks that already exist to help us understand the control options
    • And some practical tips on where to get started 

    The CyberPHIx Roundup: Industry News & Trends, 5/8/23

    The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. 

    In this episode, our host Britton Burton highlights the following topics trending in healthcare cybersecurity this month: 

    • The changes to the HHS 405(d) HICP publication on the top 5 threats and top 10 security practices for healthcare 
    • The NIST Cyber Security Framework 2.0 Discussion Draft 
    • The riskiest connected medical devices and IoT (including nurse call, infusion pumps, and IP cameras) 
    • Some free security awareness resources for clinicians from Health Sector Coordinating 
    • Moody’s report on healthcare lagging behind other industries in implementing cybersecurity practices 
    • OCR regulatory focus on pixel tracking technologies on HIPAA-Covered-Entity websites 
    • Some fascinating numbers on the increase in lawsuits after breaches and ransomware payment averages 
    • A new ally for security leaders in the Chief Supply Chain Officer (CSCO) 
    • And Apple’s new Rapid Security Response updates for iOS, iPadOS, and macOS 

    HITRUST v11 and Third-Party Risk: Insights from HITRUST Leadership

    Join us for this episode of The CyberPHIx podcast, where we hear from Ryan Patrick, Vice President of Adoption at HITRUST. 

    Ryan works with clients to understand and implement the HITRUST-validated assessments that best suit their organization’s risk profile. Prior to this role, he spent many years as a security practitioner and IT lead in a wide range of organizations from the US Army to Covered Entities to healthcare cybersecurity consulting firms. He has a wealth of practical security experience that informs every discussion about security or HITRUST.  

    Topics covered in this session include:  

    • The new HITRUST v11 and what it means for organizations that are considering the HITRUST journey
    • HITRUST’s traversable levels of assurance from e1 to i1 to r2
    • A newly created threat adaptive control selection process they use
    • How broken and unsustainable TPRM (Third Party Risk Management) is today
    • How HITRUST services fit into the third-party risk landscape
    • A discussion about the new Health Third Party Trust (H3PT) council and what that group is trying to do to solve TPRM
    • An invitation to meet either of us in person at HIMSS in Chicago, April 17 – 21
    • And a cool update on HITRUST’s Results Distribution System (RDS) and the automation opportunities it will provide 

    The CyberPHIx Roundup: National Cybersecurity Strategy, 3/22/23

    The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. 

    Our host Britton Burton spends this entire episode reviewing and analyzing the recently released National Cybersecurity Strategy, including: 

    • Summarizing, and in some cases quoting, the key points from the document that are most relevant to healthcare security pros who may have time to listen but not read 
    • Analyzing how those key points will affect the healthcare industry in the coming months and years 
    • Explaining how (and when) the rulemaking process might play out 
    • The impact this could have on cloud and third-party risk 
    • Implications of incident reporting and the positive side of the emphasis on it 
    • An interesting wrinkle in the cyber insurance space 
    • Increased scrutiny on IoT manufacturers 
    • How the technology and software industry is similar to the automotive industry 50 years ago 
    • And much more! 

    The CyberPHIx Roundup: Industry News & Trends, 2/7/23

    The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. 

    In this episode, our host Britton Burton highlights the following topics trending in healthcare cybersecurity this month: 

    • The Federal Trade Commission’s (FTC) first Health Breach Notification Rule Enforcement action against GoodRx 
    • An unsurprising report from OCR on the security rule compliance areas in which HIPAA-regulated entities need improvement, plus the most common remediation actions taken by breached entities 
    • Semi-definitive information about the date and final rule content of the SEC’s looming rule for publicly traded companies on Cybersecurity disclosures and risk management 
    • NIST’s announcement on a new lightweight cryptography algorithm that can be used by IoT and Medical Devices 
    • The disheartening cyber attack on the 988 suicide and mental health helpline 
    • Interesting new trend data on the lower volume of healthcare breaches but higher count of individuals affected by those breaches 
    • A recent surge in Wiper malware attacks, thanks in large part to the Russia/Ukraine war 
    • A fascinating narrative on cyber insurance involving exclusion of nation-state attack vectors from policies, sharper focus on TPRM programs, and a ransomware gang’s unusual request to its victims

    The CyberPHIx Roundup: Industry News & Trends, 3/1/23

    The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. 

    In this episode, our host Britton Burton highlights the following topics trending in healthcare cybersecurity this month: 

    • The Federal Trade Commission’s (FTC) first Health Breach Notification Rule Enforcement action against GoodRx 
    • An unsurprising report from OCR on the security rule compliance areas in which HIPAA-regulated entities need improvement, plus the most common remediation actions taken by breached entities 
    • Semi-definitive information about the date and final rule content of the SEC’s looming rule for publicly traded companies on Cybersecurity disclosures and risk management 
    • NIST’s announcement on a new lightweight cryptography algorithm that can be used by IoT and Medical Devices 
    • The disheartening cyber attack on the 988 suicide and mental health helpline 
    • Interesting new trend data on the lower volume of healthcare breaches but higher count of individuals affected by those breaches 
    • A recent surge in Wiper malware attacks, thanks in large part to the Russia/Ukraine war 
    • A fascinating narrative on cyber insurance involving exclusion of nation-state attack vectors from policies, sharper focus on TPRM programs, and a ransomware gang’s unusual request to its victims

    The CyberPHIx Roundup: Industry News & Trends, 2/7/23

    The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. 

    In this episode, our host Britton Burton highlights the following topics trending in healthcare cybersecurity this month: 

    • A new National Cybersecurity Strategy coming from the Biden administration in the next few weeks 
    • Healthcare cybersecurity legislation with mandatory requirements coming from Senator Mark Warner by the end of 1Q 
    • More ChatGPT analysis, on malware writing and on why it is NOT suitable for use in a HIPAA Privacy-compliant manner 
    • A small hospital in Illinois closes due to COVID expenses and a cyber attack that shut down billing 
    • The new Rural Emergency Hospital rule for struggling critical access and rural facilities 
    • The impact of travel nursing on cybersecurity 
    • FBI and Hive ransomware, and why the FBI wants more victims to call them 
    • Microsoft OneDrive takes first place for cloud app malware distribution 
    • A new DDoS threat from KillNet against healthcare and what to do about it 
    • An interesting update from the Russia/Ukraine war 
    • A call for community help on the evolution of NIST CSF and CSA CCM 

    The CyberPHIx Roundup: Industry News & Trends, 1/16/22

    The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. 

    In this episode, our host Britton Burton highlights the following topics trending in healthcare cybersecurity this month: 

    • New FDA authority granted by December’s omnibus bill is a big step towards better medical device security 
    • HITRUST teases their new CSF v11 release 
    • CommonSpirit Health class action lawsuit 
    • The fallout from the LastPass follow-on breach 
    • The possibly similar situation that might be occurring at Okta  
    • JAMA Health Forum’s outstanding metrics study on ransomware attacks in healthcare from 2016 – 2021 
    • The nefarious use cases of OpenAI’s ChatGPT 
    • Clop ransomware group’s tactics for taking advantage of Telehealth appointments to deploy malware 
    • An apology from LockBit ransomware group for an attack on a children’s hospital (really!) 
    • Healthcare CISOs collaborating through Healthe3PT to solve the third-party risk problem 
    • A major precedent-setting breach settlement order from FTC against Drizly and its CEO 

    Top 10 Cyber Risk Exposure Trends and Predictions for 2023

    The CyberPHIx is your source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. 

    In this episode, our host Britton Burton highlights some bold, and some not so bold, predictions for healthcare cybersecurity in 2023. Topics covered include: 

    • Continued escalation and evolution of ransomware attacks 
    • Our growing dependency on cloud platforms and vendor solutions shifting the attacker’s focus and changing breach trends 
    • New baseline expectations for critical infrastructure cybersecurity that could lead to increased federal or state level rule making 
    • Remote work and Zero Trust 
    • Medical devices, IoT, OT, & IoMT (oh my!) 
    • The rise of the class action lawsuit 
    • The continued expansion and cool solution ideas for 3rd and 4th party risk 
    • The importance of security assurances and validated assessments / certifications 
    • The curious case of cyber liability insurance 
    • A new emphasis from the board on cyber resilience and TPRM 

    The CyberPHIx Roundup: Industry News & Trends, 12/15/22

    The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. 

    In this episode, our host Britton Burton highlights the following topics trending in healthcare cybersecurity this week: 

    • OCR releases more detail on their Recognized Security Practices (RSPs) and what they mean for Covered Entities 
    • A cool new tool from the FTC for mobile health app developers to quickly determine which security and privacy regulations are in scope for their app 
    • Trends in the consumerization of healthcare with some interesting technology announcements from Amazon and Epic 
    • The next step in the Meta Pixel story, including some interesting guidance from OCR on how Covered Entities need to handle these tracking technologies 
    • A new Medical Device Security Playbook from a MITRE and FDA collaboration 
    • A Moody’s report on how inflation is hindering health systems' ability to bolster cybersecurity 
    • An interesting impact you may not have expected in the CommonSpirit ransomware story 
    • A landmark decision in the realm of cybersecurity insurance in the T-Mobile / Zurich American Insurance case 
    • A report from Senator Mark Warner that gives us a glimpse into some regulatory activity we might see in 2023