Should we be worried

About state-sponsored attacks against hospitals?

Security and the Board Need to Speak the Same Language

How security leaders speak to thier C-Suite and Board can make all the difference

The Rising Threat of Offensive AI

Can we trust what we see, hear and are told?

Who'd want to be a CISO?

Challenging job, but increasingly well paid

Medical Tourism - Growing in Popularity

Safe, fun, and much, MUCH more cost-effecitive

The Changing Face of the Security Leader

The role is changing, but what does the future hold?

Cyber Risk Insurance Won't Save Your Reputation

Be careful what you purchase and for what reason

The growing need for Artificial Intelligence in healthcare

Healthcare needs AI and ML.

The author and other experts, discuss the growing need for Artificial Intelligence in healthcare for everything from clinical decision support to administration / revenue cycle and cybersecurity. 

Machine learning algorithms are already transforming healthcare and security tools like Cylera MedCommand, but there’s an arms race with cyber-criminals where having the right tools to identify and block an attack is becoming critical.



See the full HIMSS AsiaPac Interview


See also The Impact of AI and HIoT Related Threats from the HIMSS Show Daily

See also AI Will Radically Change Healthcare Security my keynote from HIMSS AsiaPac19


HHS in Targeted Cyber Attack

A recent attack against U.S. Health and Human Services is a lesson to us all to better manage cyber risk in a healthcare environment

The U.S. Health and Human Services Department suffered a cyber-attack on Sunday night according to Bloomberg that appears to have been purposely intended to disrupt its computer systems, and thus an attempt to undermine HHS’s response to the coronavirus pandemic gripping the country. The attack which occurred just before midnight involved overloading HHS servers with millions of hits over several hours and may have been an attempted distributed denial of service attack (DDOS). Initial investigations appear to suggest that the attack may have been the work of a foreign actor. A number of news outlets are pointing the finger towards Russia, however it may take weeks or months for a full forensic investigation before the cyber attack can be accurately attributed.

The fact is that during a healthcare crisis and a huge influx of sick patients, the resiliency of hospital and clinic IT systems becomes even more important to ensure patient survivability. Recognizing this, and with an expected escalation of threats during a national crisis, HHS had recently implemented an expanded risk-based approach to cybersecurity assessment of threats, vulnerabilities and controls.

“HHS has an IT infrastructure with risk-based security controls continuously monitored in order to detect and address cybersecurity threats and vulnerabilities," said Caitlin Oakley, a spokeswoman for HHS.

While this ‘risk-based’ approach to cybersecurity worked in HHS’s favor to protect it from cyber attack and to keep critical services up and running, most health systems are not so lucky. Many are still following a ‘controls-based’ approach to security, ignorant of the actual cyber-risks in their hospitals and clinics from devices they may think are safe from attack, but which have never been tested or even profiled, let alone risk-assessed.

According to an investigation conducted by Cylera last year, more than 90% of US hospitals and clinics do not have a current and accurate inventory of all IT and IoT assets that connect to their networks. This includes not only workstations and servers, but also BYOD devices like personal phones and tablets, network connected building management systems that control elevators and air conditioning, and a rapidly growing number of medical devices, many of which are managed by third-party vendors and have never been patched.

"When your patients are relying upon you to provide medical services and to possibly keep them alive through a pandemic, five, six, or seven nines availability* is an absolute must." said Richard Staynings, Chief Security Strategist with Cylera and HIMSS and AEHIS Cybersecurity Expert. "The last thing you want is for one of your un-assessed healthcare IoT devices to take down an entire hospital building or even a floor of your clinic. The availability of health IT and IoT systems is critical to the way we treat patients in today’s digital healthcare service no matter where you live or where you go to seek treatment or to get help with breathing." he added.

Automated tools like Cylera MedCommand, make extensive use of AI and ML to thoroughly risk-assess medical and other devices so you can understand risks and implement compensating security controls before something bad happens.


MedCommand' provides clinical engineering and information security teams with a unified solution to manage and protect the entire connected HIoT environment including medical devices, enterprise IoT, and operational technology.

Cylera has partnered with leading healthcare providers, experts, and peers to develop one the most comprehensive and integrated HIoT security solutions available for healthcare.
Learn more about the company's innovative AI based approach to medical device and other HIoT endpoint management at https://www/cylera.com



* Five nines availability indicates the expected uptime of a system i.e. 99.999% availability, (roughly 5 minutes per year). Similarly, seven nines would be 99.99999% uptime equating to 3.16 seconds downtime per year.