Henry Dalziel | Healthcare Cyber Security | August 20, 2014
We had an extra special Hacker Hotshot event with Chris Silver from Foundstone a few weeks back now titled: Go With the Flow: Strategies For Successful Social Engineering
Chris is hugely experienced and it was a pleasure to have him on the show. His talk was especially interesting given the examples he shared with us – i.e. real-life recorded phone calls made by the man himself and his team. It was a really fascinating insight into how “easy and possible” it is to acquire information from people.
The other reason for this post is because we wanted to share with you all the Open Security Research Blog – something which Chris and the folks at Foundstone (a divison of McAfee) are associated with. The posts are very informative and you can certainly learn a lot there.
We’d love to have Chris back on the show in 2013 so please sign up to our next events and we will keep you posted to his hotly anticipated return!
Here are questions asked at the end of the talk:
Can you share any type of bench mark conversion rates? Obviously one of the key goals is getting a password, have you worked out a minimum conversion rate that you are looking for?
If there is one thing an organization can do to protect themselves better what would it be, i.e. is there a major hole that can be instantly patched?
However – what we do know for sure is that the healthcare sector security posture has always been subject to criticism owing to its’ weak profile. Healthcare and pharmaceutical companies rate terribly in terms of their security performance, according to a analysis of Standard & Poor’s 500-stock index companies by BitSight Technologies.
Our practice exams are a great way to see how good you are! Take a test and see if you pass; obviously, if you do then that’s great news – since you are well on your way to getting certified in an ‘in-demand’ industry.
The healthcare.gov hack is not really the news, rather, the news is that the US Governments flagship medical healthcare initiative is open to cyber threats – and that indicates again, the demand within the healthcare section for infosec professionals.
Early this year, research (as mentioned above) by BitSight Technologies showed that many healthcare systems were (or had been) infected with Zeus Malware. Zeus is particularly nasty for the healthcare industry since the malware logs employees keystrokes – from passwords to patient data. Healthcare data and patient data is clearly highly sensitive (even more so that retail customer data) therefore the fact that Zeus could have infected healthcare networks and computer systems is alarming.
Another concern is that healthcare, pharmaceutical and drug companies – which range from hospitals and care homes with sensitive patient data to research and development units with valuable IP property – also take far longer detect intrusions and effectively patch the security threat.
This blog post is to draw light to the potential benefit of entering the healthcare section as a cyber security professional – and to allow you a ‘taster’ of getting certified we created an online test for you to see how much you understand about healthcare compliance and IT Security. There are only 10 questions and the test takes 5 minutes to complete (which is timed to add ‘realism’) – also, another benefit is that you don’t have to register.
Do you work in the Healthcare Industry as a security professional?
We’d be particularly interested to hear your comments if you work in the industry. Did you get certified and if so did it help you get your job? What are the current challenges facing the sector and how does it differ from other industries?
We also offer advice and resources for a bunch of other courses listed here – currently we have over 110 Information Security Training courses – from free continuing education programs worth CPU credits to compliance training courses that only cost $9!