Here are six minutes of the best moments from “Hacking Healthcare Security: An hour of critical thinking on reducing risk across the health industry’s unique threat vectors”.
To see the entire replay, go here.
Joining me in the chat were Jon Ehret, VP of strategy & risk, RiskRecon, and Errol Weiss (@errolw65), CSO, Health-ISAC.
Got feedback? Join the conversation on LinkedIn.
HUGE thanks to our sponsor, RiskRecon
Winner of “Best Bad Idea”

An impressive 30 bad ideas for this week’s video chat. Here are some of the honorable mentions:
“When a healthcare facility loses your data, they get to scramble your biological material and send you a new identity.” – Chris Roberts, hacker-in-residence, Semperis
“Make all employees pay a copay to reset their passwords.” – Trey Turbett, enterprise sales development representative, CloudPassage
“Give all patients the CISO’s phone number so they can call anytime they have concerns about their PHI.” – Michelle Valdez, CISO, OneMain Financial
Best quotes from the chat room
“I think another unappreciated factor about pharma IP is that the pharma companies are frequently in competition and cooperation at the same time. So you have to set up IP-sharing mechanisms with your competitors… only defense (in my experience) has that same challenge.” – Paul Lanzi, COO, Remediant
“Just because someone has a title doesn’t mean they are competent in that role.” – Scott McCormick, CISO, Reciprocity
“The issue with HiTrust, SOC2, etc. is that not all vendors accept them, so turns into never-ending custom assessments to provide services.” – Jared Couillard, director, IT and security, Cohere Health
“If they treat frameworks like a checkbox, they don’t have a security culture.” – Chris Foulon, senior security consultant, GRIMM





