H-ISAC Newsletter - September 2019 - Health-ISAC - Health Information Sharing and Analysis Center

Invite your European colleagues to the

H-ISAC European Summit

https://h-isac.org/summits/european_summit/

H-ISAC is excited to kick off its first European Summit this fall. The Summit’s
Welcome Reception will immediately follow the H-ISAC European
Council meeting October 16, 2019 at the Kameha Grand in Zurich, Switzerland.

Summit attendees can look forward to building their information sharing network
in Europe, beginning with the Welcome Reception and continuing conversations into the evening hospitality suite. Members and attendees consistently praise the value of establishing and bolstering connections through H-ISAC Summit networking events.

“I experienced a true sense of collaboration and partnerships.
I also discovered a great network of experienced, knowledgeable contacts for future conversations on
big ideas or solving new challenges.”
Sandra Dunn, CISO, BCBS of Idaho in the module Advanced settings.

Session planning is now in the final stages and includes members sharing best practices, such as “How We Built Cyber Intelligence” and member-vendor use case scenarios such as the presentation discussing the Benefits of Centralizing Security Solutions for Medical Device Manufacturers. The popular CISO Panel closes out day one before everyone heads to Schloss Laufen on the Rhine River. Attendees will experience a fabulous view of Europe’s largest waterfall, a memorable courtyard reception, and an exquisite dinner in a castle dating back to 858 AD.

Day two brings more information sharing and the valuable two-hour deep dive Member Round Table sessions. Choose from SOAR/Automation, Security Awareness, Cloud, and Artificial Intelligence 2.0 discussion topics. The agenda includes one member’s IT risk management and security strategy to support digital transformation and another member’s DMARC journey.

Agenda Available!

The dynamic content and information sharing is not to be missed. See how the agenda is taking shape.

https:
//h-isac.org/Euconference/agenda/

Early Bird Pricing Ends Soon!

Take advantage of your
H-ISAC Member Comp Pass or the Early Bird Member price of USD 550 until 13 Sept.

https://www.regonline.com/registration/checkin.aspx?EventId=2566607&RegTypeID=882749

Hotel Reservation Cut-Off

Secure your room at Kameha Grand for our conference rate of CHF 179.00/night before 17 September.

Phone: +41 44 525 5000

Please reference H-ISAC European Summit when booking your room.

H-ISAC Employee Spotlight: Errol Weiss, Chief Security Officer

Errol joined H-ISAC as its first Chief Security Officer (CSO) in April 2019. He is responsible for the strategic vision and direction of H-ISAC’s day-to-day Cyber and Physical Security Services offered to H-ISAC members, including the delivery of Cyber and Physical Threat Intelligence; the H-ISAC Security Operations Center (SOC) in Titusville, Florida; Identity services; community exercises and other special interest services.

With more than 20 years of financial services information security and threat intelligence experience, Errol has come to the healthcare sector. He spent the last three years at Bank of America where he was a Global Information Security executive working to protect information, customers and staff by reducing the impact from cyber threats. Before that, Errol worked for 10 years at Citigroup, where he created and ran the bank’s first Cyber Intelligence Center, a global team providing actionable intelligence to internal teams. He started his information security career at NSA where Errol ran penetration testing and red team exercises against US Government networks.

Errol has been involved with the ISAC concept from its foundation – first as part of the team that created the Financial Services ISAC in 1999 and then as an FS-ISAC Board member. In fact, he is one of the four named inventors on the patent for Trusted and Anonymous Information Sharing.

As CSO, Errol works closely with the H-ISAC Threat Intelligence Committee (TIC) to improve ISAC intelligence services and is active on the ISAC’s WeeSecrets secure chat platform. As Errol strives to further mature and improve security services for the H-ISAC membership community, watch for some exciting new cyber and physical security intelligence services coming this fall – including a Daily Physical Security Digest that will begin on September 16^th. We encourage members to contact our (SOC) with questions or feedback about H-ISAC’s intelligence reports. Members are encouraged to email the SOC directly at soc@h-isac.org. Your email will be answered!

H-ISAC COO and Board Members to Speak
at New Cyber Forums

Come to the inaugural Healthcare Innovation Cybersecurity Forums this fall in Los Angeles on September 20 and Boston on October 4.
H-ISAC is co-organizing the forums with Healthcare Innovation to present top-quality education for cyber professionals in the healthcare sector.

Sarah Hall, H-ISAC Chief Operating Officer, will be keynoting the forum in Los Angeles. Board member, Mike Towers, Chief Security Officer at Takeda and former Chairman of the Board, Jim Routh, CISO at MassMutual will be keynoting the forum in Boston.

H-ISAC members receive a complimentary ticket with registration by September 13.

View the agendas, speakers, and register here:

https://endeavor.swoogo.com/2019-California-Cybersecurity-Forum/HISAC

Top 10
Health Related Cyber Events for September:

Presbyterian suffers data breach

Amarin Pharma notifies patients of data leak discovered by vpnMentor

2 Misconfigured Databases Breach Sensitive Data of Nearly 90K Patients

Thousands of medical records exposed in Australia

Clients notified of privacy breach at Child and Family Services

Health Data Breaches Involving Unencrypted Devices Reported

Cyberattacks hit NCH Healthcare System and Grays Harbor Community Hospital

Virginia Gay Hospital Notifies Patients of Security Incident

Michigan Medicine notifies patients of health information breach

WCHN in Danbury Warns of Possible Medical Records Breach

H-ISAC Working Group Update:

Medical Device Security Information Sharing Council

The Medical Device Security Information Sharing Council (MDSISC) brings together stakeholders in the medical device security arena to develop solutions, identify best practices and facilitate the exchange of information that results in a more efficient and secure use of medical devices and related practices. A large majority of the MDSISC consists of medical device manufacturers (MDM) and healthcare delivery organizations (HDO).

The MDSISC currently has seven working groups: resource tracker; endpoint protection options; life cycle management and patching; authentication and authorization for non-PC medical devices; scalable security controls; coordinated vulnerability disclosure process media education; MDM resource page. The council also has volunteers that develop the medical device track for the Spring and Fall Summits.

The Council currently meets virtually on the last Thursday of the month at 2:00 pm ET. Members who would like to join or learn more about this group, please email:

contact@h-isac.org.

Successful H-ISAC member Meet-up

at Black Hat USA 2019

Healthcare Cybersecurity: The Current Diagnosis and
How to Cure Security Pain Points

The Internet of Medical Things (IoMT) is opening up a new world of possibilities to improve upon patient care, while also Improving operational productivity and effectiveness.

This H-ISAC Navigator webinar will discuss the impact of cyberattacks on healthcare organizations, vulnerabilities that exist, current security measures that in place, what healthcare organizations need to do to build out their security strategy and much more. The webinar will also highlight strategies to secure the IoMT, including how the healthcare space must implement a multi-layer, defense-in-depth approach along with end-to-end threat monitoring of patients, devices and networks.

Visit our Events Page for more information:
https://h-isac.org/hisacevents/healthcare-cybersecurity-the-current-diagnosis-how-to-cure-pain-points/