The CyberPHIx: Meditology Services Podcast Britton Burton | Sr Director of Product Strategy

Join us for this episode of The CyberPHIx podcast, where we hear from Morgan Hague.  

Morgan is the manager of IT Risk Management at Meditology Services and has been in the industry for nearly a decade. He has worked with hundreds of organizations in an advisory capacity helping to assess or audit security functions to drive program maturity. He also leads Meditology’s strategic risk management consulting service line and is a subject matter expert in threat mitigation and risk program development. 

Topics covered in this session include:  

A deep dive into the emerging use cases for AI in the healthcare setting The risks related to AI that defenders need to be aware of and how real and relevant those risks are in the current state Data Poisoning, Input Manipulation, Membership Reference & Model Inversion AI-driven attacks and human security risks Privacy concerns with the use of AI New regulations coming online that directly affect the use of AI Controls we should be considering for AI Frameworks that already exist to help us understand the control options And some practical tips on where to get started 

The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. 

In this episode, our host Britton Burton highlights the following topics trending in healthcare cybersecurity this month: 

The Changes to HHS 405(d) HICP publication on the top 5 threats and top 10 security practices for healthcare 
The NIST Cyber Security Framework 2.0 Discussion Draft  
The riskiest connected medical devices and IoT (including nurse call, infusion pumps, and IP cameras) 


Some free security awareness resources for clinicians from Health Sector Coordinating  
Moody’s report on healthcare lagging behind other industries in implementing cybersecurity practices 
OCR regulatory focus on pixel tracking technologies on HIPAA-Covered-Entity websites 
Some fascinating numbers on the increase in lawsuits after breaches and ransomware payment averages 
A new ally for security leaders in the Chief Supply Chain Officer (CSCO) 


And Apple’s new Rapid Security Response updates for iOS, iPadOS, and macOS 

Join us for this episode of The CyberPHIx podcast where we hear from Ryan Patrick, Vice President of Adoption at HITRUST.  

Ryan works with clients to understand and implement the HITRUST-validated assessments that best suit their organization’s risk profile. Prior to this role, he spent many years as a security practitioner and IT lead in a wide range of organizations from the US Army to Covered Entities to healthcare cybersecurity consulting firms. He has a wealth of practical security experience that informs every discussion about security or HITRUST.  

Topics covered in this session include:  

The new HITRUST v11 and what it means for organizations who are considering the HITRUST journey HITRUST’s traversable levels of assurance from e1 to i1 to r2 A newly created threat adaptive control selection process they use How broken and unsustainable TPRM (Third Party Risk Management) is today How HITRUST services fit into the third-party risk landscape A discussion about the new Health Third Party Trust (H3PT) council and what that group is trying to do to solve TPRM An invitation to meet either of us in person at HIMSS in Chicago April 17 – 21 And a cool update on HITRUST’s Results Distribution System (RDS) and the automation opportunities it will provide 

The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. 

Our host Britton Burton spends this entire episode reviewing and analyzing the recently released National Cybersecurity Strategy, including: 

Summarizing, and in some cases quoting, the key points from the document that are most relevant to healthcare security pros who may have time to listen but not read 
Analyzing how those key points will affect the healthcare industry in the coming months and years 
Explaining how (and when) the rulemaking process might play out 


The impact this could have on cloud and third-party risk 
Implications of incident reporting and the positive side of the emphasis on it 
An interesting wrinkle in the cyber insurance space 
Increased scrutiny on IoT manufacturers 
How the technology and software industry is similar to the automotive industry 50 years ago 


And much more! 

The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. 
In this episode, our host Britton Burton highlights the following topics trending in healthcare cybersecurity this month: 
The Federal Trade Commission’s (FTC) first Health Breach Notification Rule Enforcement action against GoodRx  An unsurprising report from OCR on security rule compliance areas that HIPAA-regulated entities need improvement plus the most common remediation actions taken by breached entities  Semi-definitive information about the date and final rule content of the SEC’s looming rule for publicly traded companies on Cybersecurity disclosures and risk management  NIST’s announcement on a new lightweight cryptography algorithm that can be used by IoT and Medical Devices  The disheartening cyber attack on the 988 suicide and mental health helpline  Interesting new trend data on the lower volume of healthcare breaches but higher count of individuals affected by those breaches  A recent surge in Wiper malware attacks, thanks in large part to the Russia/Ukraine war  A fascinating narrative on cyber insurance involving exclusion of nation-state attack vectors from policies, sharper focus on TPRM programs, and a ransomware gang’s unusual request to its victims

The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. 

In this episode, our host Britton Burton highlights the following topics trending in healthcare cybersecurity this month: 

A new National Cybersecurity Strategy coming from the Biden administration in the next few weeks  Healthcare cybersecurity legislation with mandatory requirements coming from Senator Mark Warner by the end of 1Q  More ChatGPT analysis on malware writing and that it is NOT suitable for use in a HIPAA Privacy compliant manner  A small hospital in Illinois closes due to COVID expenses and a cyber attack that shut down billing  The new Rural Emergency Hospital rule for struggling critical access and rural facilities  The impact of travel nursing on cybersecurity  FBI and Hive ransomware + why FBI wants more victims to call them  Microsoft OneDrive takes first place for cloud app malware distribution  A new DDoS threat from KillNet against healthcare and what to do about it  An interesting update from the Russian/Ukraine war  A call for community help on the evolution of NIST CSF and CSA CCM