• Explore
  • Blog
  • Podcast
  • Community
  • About
  • Services
  • Contact
Menu

Exploring Information Security

Securing the Future - A Journey into Cybersecurity Exploration
  • Explore
  • Blog
  • Podcast
  • Community
  • About
  • Services
  • Contact

Created by ChatGPT

December 2024 - Healthcare Executive Leadership Cybersecurity Newsletter

December 9, 2024

These are the stories I shared internally with my leadership. Feel free to take and use for your own leadership. Created with help from ChatGPT.

New Professional Liability Insurance for CISOs 

In response to the increasing legal scrutiny faced by Chief Information Security Officers (CISOs), Crum & Forster has introduced a professional liability insurance policy tailored specifically for these executives. Traditionally, directors and officers (D&O) liability policies have not encompassed CISOs, leaving them vulnerable to personal financial risks in the event of cybersecurity incidents. 

Key Features of the Policy: 

  • Comprehensive Coverage: Protects against claims of negligence or inadequate work arising from cybersecurity services. 

  • Flexible Acquisition: Available for purchase by organizations on behalf of their CISOs or directly by the CISOs themselves. 

  • Extended Protection: Covers consulting activities for the organization and its subsidiaries, as well as external engagements, including pro bono IT security work. 

Further Reading: CyberScoop Article 

 

 

Bipartisan Effort to Enhance Healthcare Cybersecurity 

On November 22, 2024, Senators Bill Cassidy (R-LA), Mark Warner (D-VA), John Cornyn (R-TX), and Maggie Hassan (D-NH) introduced the Health Care Cybersecurity and Resiliency Act of 2024. This bipartisan legislation aims to bolster cybersecurity measures within the healthcare sector, addressing the increasing threats to patient data and healthcare operations.  

Help Center 

Key Provisions: 

  • Grant Funding: Allocates resources to healthcare entities for enhancing cyberattack prevention and response capabilities. 

  • Training Initiatives: Provides cybersecurity best practices training to healthcare institutions. 

  • Support for Rural Providers: Offers tailored guidance to rural health clinics on breach prevention and resilience strategies. 

  • Interagency Coordination: Improves collaboration between the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) for effective cyberattack responses. 

  • Regulatory Modernization: Updates Health Insurance Portability and Accountability Act (HIPAA) regulations to incorporate current cybersecurity best practices. 

  • Incident Response Planning: Mandates the development and implementation of a cybersecurity incident response plan by the HHS Secretary. 

Implications for Healthcare Organizations: This legislation underscores the critical need for robust cybersecurity frameworks within healthcare institutions. Executive leaders should proactively assess their organization's cybersecurity posture, ensuring alignment with emerging standards and readiness to leverage potential federal support. Embracing these initiatives will not only protect sensitive patient information but also enhance operational resilience against cyber threats. 

Further Reading: Senate HELP Committee Press Release 

 

In News Tags Newsletter, Executive Leadership, Healthcare
Comment

November 2024 Executive Leadership Cybersecurity Newsletter

November 12, 2024

This is a monthly newsletter I put together for our executive team with a lean towards healthcare. Created with help from ChatGPT.

Ransomware Threats Surge Globally in 2023 

Summary: The 2023 Global Ransomware Incident Map highlights a 73% rise in ransomware attacks, targeting sectors like healthcare and finance. Cybercriminals are increasingly using "big game hunting" tactics, exploiting vulnerabilities such as the MOVEit flaw. This trend underscores the urgent need for businesses to bolster cybersecurity defenses and improve incident response strategies. 

Further reading: Institute for Security and Technology. 

 

 

AI Risks in the Workplace 

A recent study by CybSafe revealed that 38% of workers are sharing sensitive information with AI tools, often without their employer's knowledge. This raises significant security concerns, especially since over half of employees have not received training on safe AI use. With the growing reliance on AI, it's crucial for executives to implement clear guidelines and provide training on secure AI practices to mitigate the risk of data breaches and protect intellectual property. 

Further reading: CybSafe - AI Security Risks. 

 

 

North Korean IT Worker Incident Highlights Hiring Risks 

A recent cyberattack on a company underscores the dangers of unknowingly hiring North Korean operatives. The organization accidentally hired a North Korean IT worker who accessed sensitive data and demanded a ransom. This highlights the need for stringent vetting in remote hiring practices, especially as North Korea increasingly infiltrates global companies. 

Recommended Protections: 

  • Implement strict identity verification for remote workers. 

  • Conduct thorough background checks with global databases. 

  • Regularly monitor employee network activity for unusual behavior. 

Further reading: GBHackers - North Korean IT Worker Incident. 

 

 

Healthcare Supply Chain Attacks on the Rise 

A recent Proofpoint report reveals that 68% of healthcare workers have faced a supply chain cyberattack, with 82% of these incidents affecting patient care. 

Key Insights: 

  • 68% of healthcare workers report supply chain cyberattacks. 

  • 82% of incidents resulted in disruptions to patient care. 

  • Attacks cause delays in procedures and increase patient risks. 

  • Ransomware and business email compromise are growing threats. 

Further reading: Security Magazine - Supply Chain Attacks. 

 

 

Change Healthcare Breach – Key Insights and Implications 

In February 2024, Change Healthcare experienced a substantial ransomware attack, compromising the personal, financial, and medical information of approximately 100 million Americans. This incident highlights critical vulnerabilities within the healthcare sector and raises concerns about protecting patient data. 

Key Insights: 

  • Breach Scope: Sensitive data, including Social Security numbers, medical records, and billing information, was exposed, impacting millions of patients. 

  • Financial Impact: UnitedHealth Group, Change Healthcare’s parent company, incurred breach-related costs totaling $2.457 billion, including $1.521 billion in direct response expenses. 

  • Ransom Payment: Change Healthcare paid a $22 million ransom to the BlackCat ransomware group in an attempt to prevent further data exposure. 

Further Reading: Change Healthcare Breach Hits 100M Americans – Krebs on Security 

 

In News Tags Newsletter, Executive Leadership
Comment

Latest PoDCASTS

Featured
Dec 2, 2025
Exploring the Next Frontier of IAM: Shared Signals and Data Analytics
Dec 2, 2025
Dec 2, 2025
Nov 25, 2025
How to Close the Cybersecurity Skills Gap with a Student Powered SOC
Nov 25, 2025
Nov 25, 2025
Nov 18, 2025
What is the 2025 State of the API Report From Postman?
Nov 18, 2025
Nov 18, 2025
Nov 11, 2025
How AI Will Transform Society and Affect the Cybersecurity Field
Nov 11, 2025
Nov 11, 2025
Nov 4, 2025
[RERELEASE] How Macs get Malware
Nov 4, 2025
Nov 4, 2025
Oct 28, 2025
[RERELEASE] Why communication in infosec is important - Part 2
Oct 28, 2025
Oct 28, 2025
Oct 21, 2025
[RERELEASE] Why communication in infosec is important
Oct 21, 2025
Oct 21, 2025
Oct 14, 2025
Exploring AI, APIs, and the Social Engineering of LLMs
Oct 14, 2025
Oct 14, 2025
Oct 7, 2025
How to Prepare a Presentation for a Cybersecurity Conference
Oct 7, 2025
Oct 7, 2025
Sep 23, 2025
Exploring the Rogue AI Agent Threat with Sam Chehab
Sep 23, 2025
Sep 23, 2025

Powered by Squarespace