Monthly Cyber Briefing

Engage. Educate. Prepare.

Every first Thursday of the month from 12:00-1:00 PM (Central Time)

*Due to holidays, the timing of some sessions may be adjusted. See schedule below.

We invite you to join us each month for a free, virtual Monthly Cyber Briefing!

During each one hour-long session, an industry expert will draw on their previous experience to cover several key topics & trending news related to healthcare cybersecurity.

Overview

The Monthly Cyber Briefing is a digest of trending news and announcements related to healthcare’s cybersecurity landscape, and it provides expert insight that is designed to help healthcare information security professionals stay on top of what matters most.

Topics include…

  • Trending cybersecurity threats within the healthcare industry and combative best practices
  • Coverage of recent incidents and key takeaways in terms of lessons learned
  • Updates on new regulations and standards and what they change/impact
  • Deep dives on specific cybersecurity challenges facing healthcare organizations

Register once to secure your seat for all Cyber Briefings. See below for information on upcoming sessions and the link to access replays of previous sessions.

Have questions? Contact us at info@clearwatersecurity.com.

December Topic & Speakers

The State of Vulnerability Management in Healthcare

Steve Cagle

Steve Cagle

Chief Executive Officer
Clearwater

Jon Benedict, MBA, CISSP, CISM, HCISPP, PMP

Steve Akers

CTO, Managed Security Services, CISO
Clearwater

Session Schedule

1/11 January

A Look at HHS’s Healthcare Cybersecurity Strategy with Iliana Peters and Greg Garcia 

In early December, the U.S. Department of Health and Human Services (HHS) released a concept paper outlining the Department’s cybersecurity strategy for the healthcare sector. The paper details four pillars for action, including publishing new voluntary healthcare-specific cybersecurity performance goals (CPGs), working with Congress to develop support and incentives for domestic hospitals to improve cybersecurity, and increasing accountability and coordination within the healthcare sector.

More information on HHS’ cybersecurity plan is expected to come early in the new year. At the same time, governmental action to improve cybersecurity in healthcare is happening at the state level as well, as New York recently announced plans to provide grant funding hospitals and implement new regulations.

The cybersecurity practices of healthcare organizations are under the microscope like never before, and to help you get a handle on what further steps we might see from federal and state agencies in 2024, we have two leading experts joining our first Monthly Cyber Briefing of the new year.

As Executive Director of the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG), Greg Garcia leads the group whose mission is to collaborate with HHS and other federal agencies to identify and mitigate systemic risks that affect patient safety, security, and privacy, and consequently, national confidence in the healthcare system. Greg has unique on HHS’ cybersecurity plans through his work with the HSCC CWG.

For many years, Iliana Peters both developed information privacy and security policy, including on emerging technologies and cyber threats, for HHS, while coordinating with the Department of Justice, Department of Education, other federal agencies, State Attorneys General and the White House. Now, as a Washington, DC-based Shareholder with the law firm Polsinelli, Iliana works closely with healthcare clients on complicated compliance questions, incident response, investigations, and training to protect data and avoid legal risk and legal liability, both at the state and federal levels.

Greg and Iliana will join with Clearwater CEO Steve Cagle for what promises to be a very insightful discussion. This is one Cyber Briefing you do not want to miss.

2/1 February

Evolving guidance for medical device cyber-risk and the strategic management approaches for tackling legacy devices

Legacy medical devices are a today problem, not a tomorrow problem. Join Clearwater’s Director of Consulting Services, Jon Benedict, for a conversation about why most medical devices are currently considered “legacy” and the strategies cybersecurity leaders can take to mimize the risks associated with these devices. Jon will also cover the medical device cybersecurity maturity model and share some thoughts on its practical application in healthcare organizations.

Clearwater CEO Steve Cagle will also share a threat landscape and regulatory update. There’s also to cover as cyberattackers continue evolving their tactics and HHS released it voluntary cybersecurity performance goals just last week. Don’t miss it!

3/7 March

Latest Developments in the Healthcare Threat Landscape

During the March edition of Clearwater’s Monthly Cyber Briefing, Corporate CISO and CTO for Managed Security Services Steve Akers and Dave Bailey, VP of Consulting Services, will dive deep into current trends in the healthcare threat landscape. They will cover the latest on the ScreenConnect vulnerability that is tied to the Change Healthcare cyberattack and review nation-state threat actors that are targeting U.S. critical infrastructure. In addition, Steve and Dave will discuss the continuing evolution of ransomware-as-a-service and what healthcare organizations need to know about how it’s being used against them.

Their discussion follows Clearwater CEO Steve Cagle’s round-up of other recent developments impacting the industry, including the news that random HIPAA audits are on the horizon.

4/4 April

Top Vendor Risk Management Challenges Facing Healthcare Leaders

The Change Healthcare cyberattack is yet another example of healthcare organizations’ vulnerability to operational disruptions due to security breaches in their third-party vendors and the extended supply chain. Vendors remain one of the most difficult components of risk to manage and also one of the most likely to contribute to a breach.

During our April Cyber Briefing, we will cover the latest developments related to the Change Healthcare attack as well as new threats and concerns that healthcare leaders should have on their radar. Our team will then focus in on the subject of vendor risk management and discuss the top challenges facing healthcare organizations, share insights on trends we’re seeing across the industry, and provide guidance on key actions to take to reduce your third-party risk.

5/2 May

In the wake of the Change Healthcare attack, many healthcare organizations are asking hard questions about the impact a cyberattack can have on their operations and whether their Business Continuity Plan is sufficiently honed to minimize disruption if an incident shuts down access to key systems and data.

Our May Cyber Briefing will feature insights from two members of Clearwater’s Consulting team who are experts in Disaster Recovery and Business Continuity Planning:

  • Angie Santiago—A certified Business Continuity Professional and former health system CISO, Angie has extensive emergency preparedness experience as an organizational resilience leader for provider communities, community care centers, healthcare systems, academic medical centers, and DHHS.
  • Tom Joyce —Certified in Disaster Recovery Planning, including Business Impact Analysis planning and execution, and a former regional health system CISO, Tom also has deep experience leading emergency preparedness within healthcare organizations.

Following Steve Cagle’s review of the latest developments that healthcare leaders should have on their radar, Angie and Tom will discuss how, by applying interdisciplinary frameworks centered around risk and resilience, organizations can improve their ability to respond and recover from threats, shocks, or crises—whatever form they may take.

6/6 June

A Deeper Look at the Healthcare Threat Landscape & Business Email Compromise

During the June edition of Clearwater’s Monthly Cyber Briefing, Corporate CISO and CTO for Managed Security Services Steve Akers, Dave Bailey, VP of Consulting Services, and 1stResponder President and Founder Ricoh Danielson, will review current trends in the healthcare threat landscape and share guidance on key issues that healthcare organizations should be addressing in the wake of continuing cyberattacks. They’ll zero in on business email compromise as a key threat to healthcare and share strategies for preventing it. 

Their discussion follows Clearwater CEO Steve Cagle’s round-up of the latest cybersecurity and regulatory developments impacting the industry. 

7/11 July

Changing the Conversation About Cybersecurity in Healthcare 

The major cyberattacks that have occurred across the healthcare industry in the first half of 2024 have underscored the need to change the conversation about cybersecurity in healthcare – from focusing on controls to analyzing risks, from protecting data to protecting patients, from characterizing cybersecurity as an IT problem to recognizing it as business priority, and from thinking about cybersecurity as a function that puts up roadblocks and barriers to one that creates value and enables business success. 

Now is the time to make that pivot, but how do you do it in a way that resonates and translates to greater support for and investment in your cybersecurity program? Bob Chaput joins our July Cyber Briefing to discuss how to engage your C-suite and board in effective and ongoing dialogue about Enterprise Cyber Risk Management. 

 

8/1 August

Preparing for New Cybersecurity Mandates: Insights for Healthcare Organizations

Recent news reports have indicated that the Biden administration will soon issue new regulations aimed at bolstering cybersecurity in the U.S. healthcare sector. Hospitals are expected to be the first entities required to implement new “minimum” mandates based on cybersecurity performance goals that the Department of Health and Human Services released in January. 

How should hospitals be preparing for this likely development? And what are the implications for other organizations across the healthcare ecosystem? 

Clearwater Chief Risk Officer and Head of Consulting Services and Client Success Jon Moore joins our August Cyber Briefing to shed light on the latest developments and offer guidance on the best steps to take to position your organization for what may come.  

In addition to his work advising and supporting Clearwater clients, Jon is actively involved with the Healthcare and Public Health Sector Coordinating Council, a group that serves as a liaison between the industry and the federal government. 

9/5 September

Cloud Assumptions and Misconfigurations That Threaten Healthcare Security

Our September Monthly Cyber Briefing will feature Steve Akers, Clearwater Corporate CISO and CTO for our Managed Security Services unit, reviewing a false cloud assumption that allowed an adversary to influence an organization. Steve will discuss the need for greater understanding of cloud shared responsibility and how it relates to the latest research on top cloud computing concerns.

His discussion will follow Steve Cagle’s review of the latest cybersecurity and regulatory developments impacting healthcare organizations and recommendations for how to address current threats.

10/3 October

View from Washington: How Cybersecurity Legislative Activity May Impact Healthcare Organizations

The bipartisan Senate bill, the Healthcare Cybersecurity Act, which was introduced this July and has cleared the Senate Homeland Security and Governmental Affairs Committee with a vote of 10-1, now has a companion bill in the House of Representatives.  

The Healthcare Cybersecurity Act calls for the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to work together and implement a variety of measures to improve cyber defenses in the healthcare sector, including making cyber threat defense resources available to nonfederal entities to help them improve their defenses. 

As this legislation continues to progress through Congress, what potential impacts should healthcare leaders be anticipating? And how does the legislation tie to other developments we’ve seen at the federal level this year, such as the introduction of voluntary Cybersecurity Performance Goals which are expected to become mandatory at some point in the near future? 

We are pleased to have Mari Savickis, Vice President of Public Policy for the College of Healthcare Information Management Executives (CHiME) joining our October Cyber Briefing to help us answer these questions, discuss CHiME’s recent appointment of a National Advisor for Cybersecurity, and cover other important cybersecurity initiatives.   

Our discussion with Mari will follow Clearwater CEO Steve Cagle’s review of the latest cybersecurity and regulatory developments impacting healthcare organizations and recommendations for how to address current threats.  

11/7 November

First, Do No Harm: Strategies for Managing AI Risks 

In an era where artificial intelligence (AI) technologies are rapidly evolving, healthcare organizations face many risks related to employee and patient trust, errors, unethical or unintended practices, privacy, security, and compliance. Members of Clearwater’s Monthly Cyber Briefing community play a critical role in driving the effective management of these risks and ensuring that appropriate controls are in place to prevent AI from doing harm instead of good.  

Jon Moore, who authored the toolbook AI Governance and Strategy Alignment for The Governance Institute earlier this year, joins our November Cyber Briefing to discuss strategies for managing AI-driven risks – both internal and external – and promoting responsible AI deployment to drive innovation and improve patient outcomes. 

Jon’s discussion will follow Dave Bailey’s review of the latest cybersecurity threats and regulatory developments impacting healthcare organizations and recommendations for how to respond. 

 

12/5 December

The State of Vulnerability Management in Healthcare

 

Clearwater Corporate CISO and Managed Security Services (MSS) leader Steve Akers will review vulnerability data across different segments of the healthcare ecosystem, leveraging real-world data from our MSS team. Steve will break down top vulnerability exposures, times to remediation, key average metrics, and other trending data points that give insight into the pressure vulnerability management creates on an organization.  

His presentation will follow Steve Cagle’s review of the latest cybersecurity threats and regulatory developments impacting healthcare organizations.