Health-ISAC

Medical Device Security Blog by Phil Englert, Health-ISAC VP of Medical Device Security. In the health care industry, ensuring the safety and efficacy of medical devices is paramount. Too often, cybersecurity focuses on vulnerabilities and, while important, vulnerability analysis is too narrow. Vulnerabilities are evaluated using the Common Vulnerability Scoring System (CVSS), which attempts to determine how dangerous a vulnerability is. This is useful information but considers the vulnerability risk within the component it resides in rather than the product. This limited view fails to consider the risks the vulnerability poses to a specific environment. Contextual factors such as asset importance, how the asset is used, or the controls in place, either within the product or within the network must also be considered when evaluating risk. Given these limitations, conducting a Medical Device Risk Impact Analysis (MDRIA) is a critical process that helps health care providers identify, assess and mitigate risks associated with medical devices. This essay outlines the essential components of an MDRIA. Read the full blog in TechNation. https://lnkd.in/ee-dJgmv

📣 PARTNER EVENT - HealthSec Summit // Health-ISAC members may receive VIP tickets. Returning for its 3rd annual edition in Boston on June 3-4, HealthSec Summit will bring together 100+ Health IT security leaders to learn, connect and collaborate towards improving their cyber security strategies and stay ahead of malicious threat actors. The event will feature 20+ trailblazing speakers, including experts from the likes of: 🎙️Phil Englert, VP of Medical Device Security, H-ISAC 🎙️Ashley Mancuso, Vice President, MedTech BISO, Johnson & Johnson 🎙️Michael Doran, Senior Director, Cyber Resilience, GSK 🎙️Robert Kerwin, General Counsel, MeHi Find out more about the event’s speakers and agenda at 🔗 https://lnkd.in/eJrd2bG8 📌 As a partner of the event, members of H-ISAC can apply for a complimentary pass with the code “H-ISAC” at 🔗 https://lnkd.in/d5J-MJ2e (All registrations will be checked against eligibility criteria. View T&Cs below to check if you qualify). ___ T&Cs: Offer is valid for end user roles in healthcare and life sciences organizations only. All registrations will be checked against eligibility criteria and tickets will be distributed on a first-come, first-serve basis. Members employed by cybersecurity solution providers or consultancies do not qualify for a free ticket but are eligible for a 30% discount on vendor passes using the code “MP-30”.

Here is a podcast to listen to on the drive home or over the weekend. Errol Weiss talks health sector cybersecurity with Dave on the TechSpective podcast, episode 156. https://lnkd.in/eNAzAZ-h #healthit #healthtech #healthsector

Call for Papers for the Fall Americas Summit is open! Still energized from last week's Spring Americas Summit? Speak at the Fall Summit in California in early December. https://lnkd.in/eXNDZMKm Why Submit an Abstract?   Inspire and Inform: Your ideas could inspire colleagues, highlight emerging trends, and shape best practices. Network and Collaborate: Presenting at the summit provides a unique platform to engage with a broad community of professionals, fostering connections that may lead to exciting collaborations. Establish Your Expertise: Gain recognition as an expert in your field, opening doors for future speaking opportunities, collaborations, and more.   We welcome submissions from all levels of experience and expertise—whether you're a seasoned professional or an emerging voice, we want to hear from you! #healthcare #healthit #incidentresponse

Mastering EU and FDA Cybersecurity Requirements for Medical Devices webinar by Health-ISAC Navigator, Medcrypt on Wednesday, June 25th at 11 AM ET. https://lnkd.in/gTRpbYNH Navigating the cybersecurity landscape for medical devices requires an understanding of both European Union (EU) and US Food and Drug Administration (FDA) guidance. Ensuring your teams can execute efficiently and meet the distinct yet often overlapping requirements can be a significant undertaking. Building on our previous joint webinar "Bridging the Gap: Navigating EU and US Medical Device Cybersecurity Regulations", Axel Wirth, Chief Security Strategist of Medcrypt, and Christian Rosenzweig, Medical Device Consultant at the Johner Institut will be providing a deep dive into select cybersecurity topics. Our webinar on Wednesday, June 25th, is designed to equip you with the knowledge and strategies to align with EU and FDA medical device cybersecurity expectations in general and select pre- and post-market topics in specific. Learn how to comply with essential cybersecurity principles and practices relevant to both EU and the FDA regulatory environments. Don't let the complexities of dual regulatory requirements hinder your progress. Register now and learn how to train your team effectively and efficiently. #MedTech #MedicalDeviceCybersecurity #PatientSafety

This week, Health-ISAC®'s Hacking Healthcare® examines A newly published handbook from the the European Union Agency for Cybersecurity (ENISA) that outlines how EU member states may implement cyber stress testing as a part of the growing EU cyber regulatory ecosystem. Join us as we break down why this new handbook has been created and how it may end up impacting Health-ISAC Members. #EU #ENISA #Cybersecurity

Enjoy this wrap-up video of last week's jam-packed Spring Americas Summit and hear from the attendees why you should attend the next Summit. The Health-ISAC community is "all in this together" when it comes to health sector resilience. Be a part of it! #AIsecurity #healthtech #healthcare

Registration is open for the 2025 European Summit! Members can take advantage of the exclusive 🚨US$99 registration discount until August 31st. Secure your spot today and join industry leaders for key insights, networking, and innovation. ☑️ Register here https://lnkd.in/ezmx4vcc #healthisac #healthcare #healthit

Don’t Miss TOMORROW's Exclusive ETC Webinar! Join fellow Health-ISAC Members on Wednesday, May 29, at Noon ET for the latest Engaging Talks & Contributions (ETC) Monthly Member webinar, featuring vital insights from Cyware and Cysurance. Discover how to go beyond brand monitoring with Neal Dennis in “Digital Risk Protection in Healthcare: The Why, the How, and Beyond Brand Monitoring”. Then, uncover the truth behind healthcare ransomware threats with Kirsten Bay in “Inside Healthcare Ransomware: What Cyber Insurance Claims Reveal About the Biggest Risks Facing Healthcare Organizations.” 👉 Register now: https://lnkd.in/eSBUkZi5 Health-ISAC’s trusted Community Services providers offer Members free and discounted tools to strengthen security and resilience across the healthcare sector. 🛠️ Explore available resources: https://lnkd.in/epChMkVZ #DRP #cybersecurity #healthcare #CyberInsurance

🚨 TODAY at 3:00 PM CET - Monthly Threat Briefing for Health-ISAC Members! Stay ahead of the latest threats with these power-packed, insider-only briefings led by the Health-ISAC Threat Operations Center team! 🔹   The European MTB - Wednesday, May 28 at 3:00 PM CET Presentations include the European Cyberwatch and cover topics ranging from trending impacts on healthcare to emerging threats, physical security, and legal and regulatory updates. Members will receive instructions on how to register via email. Thank you to this month's guest speakers from Abstract Security, Censys, CyberMaxx, and Venable. Guest speaker topics include: The Invisible Enemy: Unmasking Microsoft 365's Logging Blind Spots; Monitoring DPRK BeaverTail Deployments Delivering InvisibleFerret: TTPs & Analysis; and Threat Actor Activity within the Healthcare Sector leading to Ransomware. This month's physical security awareness focus is Critical Considerations: Hurricanes and Protecting Health Sector Infrastructure. #criticalinfrastructure #healthit #healthsystem