In this episode of The Risk Perspective, we speak with Andrew Mahler, former OCR Investigator and CynergisTek's VP of Privacy and Compliance, about the recently issued OCR guidance on patient privacy in the wake of the Supreme Court decision on Roe. Listen for a debrief of the OCR's guidance that addresses:
How federal law and regulations protect individuals' PHI, with clarification on disclosure laws
What is protected, and what is not, when using health information apps on smartphones
Episode Resources:
The guidance on the HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care
The guidance on Protecting the Privacy and Security of Your Health Information When Using Your Personal Cell Phone or Tablet
Information on filing a complaint if you believe that a HIPAA-covered entity or its business associate violated your health information privacy rights or committed another violation of the Privacy, Security, or Breach Notification Rules
Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. Remember to like and subscribe to The Risk Perspective, and don't forget to leave your comments for feedback and topic suggestions!
In this episode, we have a candid conversation with Dave Bailey, Jon Benedict, (of CynergisTek), and Ben Stock (Ordr) about the challenges facing medical device security. We talk about the motivators of attackers, why you can't rely on backups anymore, what you need to do to take control and maintain defense, and more. We also talk about how to manage these challenges and include a special promotion for listeners to earn a free consultation with our medical device expert (listen for the details). Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. Remember to like and subscribe to The Risk Perspective, and don't forget to leave your comments for feedback and topic suggestions!
In this episode, Russ talks with Mac McMillan about his recent return to helm CynergisTek as President and CEO once again. McMillan draws on his years of experience in the military, in government and as a cybersecurity expert to lay out his three principles for leadership: Mission, Service, and Integrity. He highlights the crucial need for healthcare organizations to shift their cybersecurity paradigm away from compliance and instead strategize for resilience against cyberattacks. McMillan encourages CHIME to continue to serve as a brain trust for the community and a powerful voice to drive change through the collective expertise of its members.
The Risk Perspective is back and so is Mac McMillan! Kicking off season 3, Mac McMillan, CEO, President, and Founder of CynergisTek joins us to talk about CynergisTek's Resilience Partner Program, a unique approach that helps organizations evolve their security and privacy posture by reducing cyber risk and helps them build an approach that responds every day. Listen as Mac talks through this new methodology including why it's time for healthcare to finally (and actually) make the shift, and understand how CynergisTek's solutions help map out your resilience journey and keep things simple. Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. Remember to like and subscribe to The Risk Perspective, and don't forget to leave your comments.
CynergisTek's Annual Report Finds Two-Thirds of Health Systems Failing at Cybersecurity Preparation
The report identified several areas for continued improvement in planning and preparedness, especially seeing as only 75% improved during the coronavirus pandemic – and even then only slightly. While that is progress, it isn't the progress the industry needs to shore up defenses. Investing in security, in the long run, is often ultimately more cost effective than paying the recent exorbitant ransoms.
“The issues I would call out would include asset management; if you don't know what you have or where it is, you're not going to do well. It's the first step in the NIST framework, and to know that seventy-three percent of our customers are failing to meet that, it's not a good start. And because of what happened last year, NIST added supply chain risk management about three years ago, and we've been doing supply chain risk management assessment for a while. So eleven of our seventy-eight customers achieved a score of three-point-zero out of five, meaning that they're actually beginning to do that. It's kind of like a “C” grade. And only eleven of the seventy-eight achieved that; everyone else got a D or an F.”
https://www.hcinnovationgroup.com/cybersecurity/data-breaches/article/21232566/cynergisteks-annual-report-finds-twothirds-of-health-systems-failing-at-cybersecurity-preparation
Ukrainian government websites may have come under an unspecified cyberattack early this week. Kaseya delays its VSA patch until Sunday, and offers assistance to victims of VSA exploitation by REvil. The US continues to mull its response to Russia over REvil and Cozy Bear. A small electric utility's business systems go offline after a ransomware attack. Microsoft continues to grapple with PrintNightmare. Caleb Barlow from CynergisTek on the changing Cyber Insurance landscape. Our guest is Kwame Yamgnane from Qwasar on how he seeks to inspire minority kids to code. And the US will try again to get Julian Assange extradited. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/130
How at Risk Are Our Healthcare Networks?
"Civilian hospitals organized to give care to the wounded and sick, the infirm and maternity cases, may in no circumstances be the object of attack, but shall at all times be respected and protected by the Parties to the conflict." -- Geneva Conventions; Article 18, Section 3, Fourth Geneva Convention
Even at humanity's worst, we could reach agreements on the kind of behavior that was acceptable in times of war. Attacks on healthcare delivery organizations around the world are ramping up, and it appears that the attackers have little regard for the collateral damage ransomware attacks cause. How can the industry evolve to ensure that devices that are integral to keeping people alive are also protected from attackers?
Matt Stephenson welcomes CynergisTek Executive Vice President David Finn alongside Forescout Senior Director of Healthcare Tony Douglas for an in-depth discussion of what is happening in the world of securing healthcare delivery organizations. We talk about leveraging the native complexity of healthcare technology and what can be done to mitigate risk in order to protect the lives of patients as well as the data inside the networks.
About David Finn
David Finn (@DavidSFinn) is the Executive Vice President, External Affairs, Information Systems & Security at CynergisTek. He has been involved in leading the planning, management and control of enterprise-wide, mission-critical information technology and business processes for more than 30 years. He was Vice President, CIO and Privacy/Information Officer at Texas Children's Hospital for nearly eight years. This unique experience in risk management and control objectives of technology (including audit, security, and privacy) gives him a distinctive perspective on the design and implementation of business applications and the processes that the technology must support. He is known for creatively engaging all types of audiences, conveying messages that even change-resistant users listen to and remember. David is a member of the Health Management Technology Editorial Advisory Board. True story… David presented Ray Charles with his 40th birthday cake. That is a thing that happened.
About Tony Douglas
Tony Douglas is the Senior Director of Healthcare at Forescout. He is an accomplished IT professional with over 19 years of experience, focused on vertical markets, namely the healthcare industry. Tony operates as a strategic partner with the executive team, where he is passionate about the role of information technology and the possibilities it offers for improving the quality and efficiency of patient care.
About Matt Stephenson
Matt Stephenson (@packmatt73) leads the Social Media team at Forescout, which puts me in front of people all over the world. Prior to joining Forescout, I hosted podcasts, videos and live events all over the world which put me with experts on every corner of the cybersecurity landscape. The new No Name Security Podcast will continue and expand upon that tradition as we seek out the leading minds in the security industry as well as those who may break things every now and again. And… just for fun, there will be some wildcard guests as well. In 10 years in the ecosystem of Data Protection and Cybersecurity I have toured the world extolling the virtues of Artificial Intelligence and Machine Learning and how, when applied to information security, these technologies can wrong-foot the bad guys. Prior to the COVID shutdown, I was on the road over 100 days a year doing live malware demonstrations for audiences from San Diego to DC to London to Abu Dhabi to Singapore to Sydney. One of the funniest things I've ever been a part of was blowing up a live instance of NotPetya 6 hours after the news broke... in Washington DC... directly across the street from FBI HQ... as soon as we activated it a parade of police cars with sirens blaring roared past the building we were in. I'm pretty sure they weren't there for us, but you never know... Whether at in-person events, live virtual events or podcasting, I get to interview interesting people doing interesting things all over the world of cybersecurity and the extended world of hacking. Sometimes, that means hacking elections or the coffee supply chain... other times that means social manipulation or the sovereign wealth fund of a national economy. Wherever I go, my job is all about talking with the people who build, manage or wreck the systems that we have put in place to make the world go round... If you tuned in to any of my previous podcasts, there's great news! The No Name Security Podcast is here! I will be bringing the same kind of energy and array of guests you know and love. Best part? We're still at the same spot. You can find it at Spotify, Apple, Amazon Music & Audible as well as GooglePlay, Gaana, Himalaya, I Heart Radio and wherever you get your podcasts! Make sure you Subscribe, Rate and Review!
Post By: Adam Turteltaub
America's data is under attack. SolarWinds and other recent headline-grabbing stories have demonstrated that foreign adversaries are eager to hack into computer systems for a wide range of purposes. The US Department of Defense has had its supply chain hit hard, and to help protect both the chain and the nation's assets it has pursued the Cybersecurity Maturity Model Certification (CMMC), a multi-level approach requiring outside certification rather than the self-certification of the past. Although it applies only to defense contractors, it is a model worth watching, since it may eventually expand, in one form or another, to additional areas of government contracting. In this podcast Tony Buenger, Cyber Security Consultant and Instructor, and Marti Arvin, Executive Advisor, both of CynergisTek, explain some of the complexities of CMMC and its many levels. Level 1 covers basic hygiene and is primarily focused on technical security controls. Level 3 is a certification that requires maturity in terms of documented policies and procedures that have been institutionalized. Level 5, the highest level, is focused on persistent threats. Notably, CMMC focuses not just on technology but also on processes and people, even looking to ensure that the processes are built into the organization's governance. As a result, it's not a standard for just the CISO or CIO to handle. CMMC is a commitment that needs to be institutionalized, takes time, and requires both trust and ongoing verification. In sum, it very much requires the maturity that is a part of its name. Listen in to learn more about CMMC and what your organization needs to do now, and possibly in the future.
Protecting patient information is critical. But it is a delicate balance between minimizing a healthcare organization's risk and enabling development staff to raise mission-critical funds. In this episode Marti Arvin, Executive Advisor at CynergisTek, joins Blackbaud's Liza Turcotte for a candid discussion on working together to create this appropriate balance.
Topics Discussed in This Episode:
Compliance officer's viewpoint on sharing patient data
Grateful patient programs
Creating a balance between data needed and wanted
Expectations for the development team related to patient information
Ideas for working together as a team
DISCLAIMER: Nothing in this podcast is intended to be legal advice—please consult your organization's own legal counsel.
Resources: Marti Arvin White Paper: HIPAA and Fundraising: Understanding the Regulations, Roles, and Compliance
Quotes:
“The risk appetite of the organization is something that's up to senior leadership.”
“As long as I felt my leadership had made an informed decision, I could sleep at night.”
“It's not just HIPAA in all cases that you have to consider, so if you've made yourself aware of what the HIPAA regulations are, that may not be enough.”
Zoom prankers deceive European members of parliament with a deepfake video call. A password manager is compromised. Europol took a good whack at Emotet yesterday, removing the botnet’s malware from infected machines. US response to the Holiday Bear campaign receives cautious good reviews. A cyberattack interferes with cancer treatments. Caleb Barlow from CynergisTek on emergency notification systems. Rick Howard previews the latest CSO Perspectives podcast focused on the healthcare vertical. And movie-themed phishbait chummed the waters around yesterday’s Oscars. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/79
Ben Denkers of CynergisTek and Patrick Guay of Pcysys join us this week to discuss CynergisTek's new continuous pen-testing service. Learn about automated pen-tests that continuously conduct ethical exploits and deliver prioritized threat-based weaknesses. Subscribe to CTEK Voices: The Risk Perspective Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.
David Finn, EVP of Strategic Innovation at CynergisTek, talks with Jesse Fasolo, the Director of Technical Infrastructure and Cybersecurity at Saint Joseph's Hospital in Paterson, NJ about how Jesse built (and continues to build) a successful security program over the last 6 years. Subscribe to CTEK Voices: The Risk Perspective Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.
Cring ransomware afflicts vulnerable Fortigate VPN servers. Distance learning in France stumbles due to sudden high demand, and possibly also because of cyberattacks. Hafnium’s attack on Microsoft Exchange Servers may have been long in preparation, and may have used data obtained in earlier breaches. Commerce Department adds seven Chinese organizations to its Entity List. 5G security standards in the US are said likely to emphasize zero trust. Atlantic Media discloses a breach of employee data. Caleb Barlow from CynergisTek with a clever way of thinking about ransomware preparedness. Our guest is Amit Kanfer from build.security on authorization, a problem he says remains mostly unsolved. And emissions testing stations in some US states remain down. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/67
The FBI warns organizations that Mamba ransomware is out and about in a newly evolved form. Facebook takes down a Chinese cyberespionage operation targeting Uyghurs. Huawei joins the Organization of Islamic Cooperation. Slack thinks it might have made a security and privacy misstep. Caleb Barlow from CynergisTek on Healthcare Interoperability. Our guest is Roei Amit from Deep Instinct on their 2020 Cyber Threat Landscape Report. And a look at fleeceware. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/57
In this episode, we get to know Rob Teague, Information Security Engineer at CynergisTek, and CMMC Registered Practitioner at Redspin, CynergisTek's non-healthcare division. Listen as we get to know Rob's perspective on the industry, what inspires him, and how his military background ties into all aspects of his professional and personal life. Subscribe to CyberSpin: Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.
CynergisTek's Privacy team joins us this week to discuss user access monitoring. Together, Andrew Mahler and Neaomi Quartucci chat about patient user access challenges, and how CynergisTek can help monitor and report on inappropriate patient record access, helping privacy and security offices sleep better at night. Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.
Lazarus Group seems to have had an IE zero day. Brazilian power utility discloses a ransomware attack on business systems. TrickBot’s back. Automated attacks are going after web applications. Two security firms report breaches. Patching notes. A look at life in the cleared community. Caleb Barlow from CynergisTek with protocols and best practices for handling inbound intel. And Washington and Moscow hold the usual frank discussions--the Americans, at least, talked about cybersecurity. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/24
Description: On January 5th, 2021, an amendment to H.R 7898, the HITECH Act, was signed into law. The law incentivizes the adoption of the NIST cybersecurity framework as part of a defense or mitigation in HIPAA enforcement. To discuss this long-awaited accomplishment and overall win for cybersecurity practice as a whole, we are honored to have Mac McMillan and David Finn as this week’s guest speakers. Mac McMillan, Founder of CynergisTek, won 2019’s CHIME Foundation Industry Leadership Award and 2020’s Leadership Excellence Award in the cybersecurity sector from the Baldrige Foundation, and is recognized as an industry icon. Listen in as Mac and David discuss this monumental law, and reflect on their work as longtime NIST advocates and cybersecurity catalysts. Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.
Years ago, an organization’s security program consisted primarily of assessing risk and remediating the high-risk priorities. With today’s advancements in technology and the ever-changing demands on both people and processes, the industry is moving towards validating the effectiveness of its security. In this episode of The Risk Perspective, CynergisTek’s Sr. Vice President of Security and Privacy Ben Denkers describes the new services CynergisTek has developed to meet the industry's demand for security validation solutions. With 2020 behind us and the new year ahead, Ben will review services such as Security Control Validation, Project API Sentry, and 24/7 adversary validation that you can incorporate into your 2021 risk strategy. You can also view the slide deck for this episode, presented by Ben Denkers at the CTEK summit, here. Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.
David Finn, EVP of Strategic Innovations, joins for part two of Security Resilience in 2021 to discuss cyber resilience from a couple of key perspectives. Also joining David are Morgan Habecker, CTEK Manager of Red Team, and Andrew Bindner, Senior Consultant on the Red Team at CynergisTek. Cyber resilience is an evolving perspective that is rapidly gaining recognition. In this episode, we look at cyber resilience from a unique operational perspective. Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.
Today David Finn, EVP of Strategic Innovations, joins us to discuss cyber resilience from a couple of key perspectives. Also joining David are Dave Bailey, Director of Security Services, and Ryan Stewart, Manager of CynergisTek’s vCISO and IR Services. Cyber resilience is an evolving perspective that is rapidly gaining recognition. In this episode, we discuss areas of information security, business continuity, and organizational resilience together from a CISO's and a CIO's perspective. Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.
Ghosts in the virtual machines. Cloudbursts in the forecast. The US Intelligence Community is preparing a report on foreign election interference. CISA has a new interim director. A view of the threat landscape from Canada. Caleb Barlow from Cynergistek on reclassifying the internet as critical infrastructure. Our guests are Shai Cohen and Brooke Snelling from TransUnion on building trust in a digital consumer landscape. And a look into the near future. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/224
Ben Denkers, Senior Vice President of Security and Privacy for CynergisTek, sits down to talk to Ted Harrington about his new book Hackable: How to Do Application Security Right. Ted discusses what he has observed organizations doing and shares stories about some of the challenges he has seen organizations face with application security. Ted breaks down his book, which discusses lessons from the front lines of ethical hacking about how software gets broken, how it gets hacked, and what to do about it. Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.
Jeremy Molnar, Senior Vice President of Client Success and Solution Development, and Andrew Bindner, Senior Consultant, Red Team at CynergisTek, discuss Adversary Validation and how it is the next stage in the evolution of penetration testing. Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.
Do you have a good security program in place? Ben Denkers, Senior Vice President of Security and Privacy, and Dave Bailey, Director of Security Services at CynergisTek, discuss topics around validation in the cybersecurity world and why it is so important to try to keep up with today's threats. Ben and Andrew highlight effective processes and the technologies you should deploy. Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.
Emailed election threats to US voters are identified as an Iranian influence operation, disruptive, and so more in the Russian style. Both Iran and Russia appear to be preparing direct marketing influence campaigns. Cyber criminals are also exploiting US election news as phishbait. Seedworm is said to be ‘retooling.’ Caleb Barlow from Cynergistek on contact tracing and privacy as students head back to school. Our guest is Jadee Hanson from Code 42 on juggling priorities and protecting her organization as external and internal threats constantly take aim. And TASS deplores the “blatant Russophobia” of recent Five Eyes’ official remarks. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/205
CynergisTek has partnered with Awake Labs to discuss what a Compromise Assessment is, break down the concept of the compromise assessment, and explain why organizations should consider one. They discuss the technical capabilities and framework of a Compromise Assessment and what specific methodology is followed in order to perform one. Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.
Dave's story is about how some adware took a turn for the worse (and how his dad has fallen for adware in the past), Joe's story talks about how someone is trying to phish AT&T employees and others, the Catch of the Day is an OfferUp scam on an RTX 3080 (you gamers know what that is), and later in the show, Dave's conversation with Caleb Barlow from Cynergistek reacting to the recent story of the tragic death of a woman due to hospital ransomware.
Links to stories:
Linkury adware caught distributing full-blown malware
Phishing Page Targets AT&T’s Employee Multi-Factor Authentication
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
CynergisTek has partnered with Healthlink Advisors for a three-part video series to discuss the considerations for healthcare providers as they relate to the regulations around information blocking, including who is impacted, what information blocking is, key dates, and what is impacted, preparing health organizations for the upcoming CMS 2020 Interoperability Rule.
Watch the video series:
Compliance Regulation Related to Information Blocking – Part One
Compliance Regulation Related to Interoperability – Part Two
Visit the ONC Website on Core Data for Interoperability (USCDI): https://www.healthit.gov/isa/united-states-core-data-interoperability-uscdi
Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.
CynergisTek has partnered with Healthlink Advisors for a three-part podcast series to discuss the considerations for healthcare providers as they relate to the regulations around information blocking, including who is impacted, what information blocking is, key dates, and what is impacted, preparing health organizations for the upcoming CMS 2020 Interoperability Rule.
Watch the video series:
Compliance Regulation Related to Information Blocking - Part One
Compliance Regulation Related to Interoperability - Part Two
Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.
The US Commerce Department announces a clampdown on TikTok and WeChat, to begin Sunday. An overview of the Grayfly and Blackfly units of APT41. Maze begins delivering payloads inside a VM. A ransomware attack on a Düsseldorf hospital is implicated in the death of a patient. Google wants less stalkerware and misrepresentation in the Play store. Caleb Barlow from Cynergistek on the military's CMMC program. Our guest Galina Antova from Claroty highlights the importance of secure remote access in industrial systems during times of crisis. And an alleged fox was allegedly guarding the henhouse. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/182
The market for virtual help is expanding. We’ve reached a level of specialization where a CISO simply cannot own all of the risk alone anymore. With the growing focus organizations have on cyber risk management, we welcome a new hat to the “risk mix”: the Virtual Cyber Risk Officer, a.k.a. a vCRO. In this episode of The Risk Perspective, CynergisTek’s EVP of Strategic Innovation (and former CIO) David Finn, along with Ryan Stewart, Manager of CynergisTek’s vCISO and IR Services, discuss the new and emerging role of a vCRO. Together they dissect the differences between vCISOs and vCROs, how they complement each other, why a vCRO is needed, and more. Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.
An update on Fancy Bear and its Drovorub rootkit. Karma Panda, a.k.a. CactusPete, is scouting Eastern European financial and military targets with the latest version of a venerable backdoor. How criminals and terrorists exploit COVID-19, and how law enforcement tracks them down. Caleb Barlow from Cynergistek covers security assessments and HIPAA data. Our guest is Ryan Olson from Palo Alto Networks on the 10th Anniversary of Stuxnet. And those celebrity endorsed investment scams aren’t actually endorsed by celebrities, and they’re not actually good investments. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/158
Part two of our two-part series on mergers and acquisitions focuses on compliance considerations around M&A transactions. Together, CynergisTek’s compliance experts, Marti Arvin and Andrew Mahler, discuss compliance roles throughout an M&A process. As M&A transactions have increased during the time of COVID-19, has there been a change in focus regarding compliance when it comes to due diligence? Is it OK for Chief Compliance Officers to weigh in during a transaction if they have compliance-related concerns, and where and how can third parties help during an M&A? Marti and Andrew address these questions, and more, in this episode, which serves as a follow-up to episode #4, part one, “Privacy and Compliance Considerations Around Mergers and Acquisitions, Part One”. Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.
In this episode of The Risk Perspective, we bring in Merger and Acquisition (M&A) gurus Marti Arvin (Executive Advisor at CynergisTek) and Michael Loria (EVP at Brightcove, and former VP of Business Development for the IBM Security Division). Together, they discuss security and privacy considerations when it comes to mergers and acquisitions. Who should be involved, and when? What can the tech field teach healthcare? And how can third parties help? Answers to these questions and more can be found in this easy-to-listen episode. Remember to tune in next week for Part 2, where we will dissect the compliance side of M&A. Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.
Ransomware is a trending topic for healthcare in 2020. So, this week we are discussing ransomware with CynergisTek’s CEO, Caleb Barlow. Should you pay a ransom, or not? Does cyber insurance help cover anything? Is it legal to pay a ransom? Caleb answers these questions and more in this week’s episode of The Risk Perspective. Listen now to hear a CEO’s expert opinion and recommendations on how to prep for and respond to ransomware at a time when it is at an all-time high. Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.
Healthcare organizations are adding tools without the proper security frameworks in place, which is ultimately hurting their NIST scores. In this first episode of season 2 of The Risk Perspective, CynergisTek's Dave Bailey and David Finn (described as "the CTEK Statler and Waldorf") discuss what has caused NIST scores to decline over the last few years. The addition of tools, trainings, and the overall changes to threat environments are negatively impacting NIST scores. Healthcare organizations are learning the hard way: what was successful in the past isn’t going to be successful today. Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.
Twitter’s transparency efforts see through accounts being run by Chinese, Russian, and Turkish actors. Zoom is working to both comply with Chinese law and contain the reputational damage involved in doing so. Industrial firms recover from Ekans infestations. Caleb Barlow from CynergisTek on how hospital CISOs are dealing with the COVID-19 situation. Our guest is Ronald Eddings from Palo Alto Networks and the Hacker Valley Studio Podcast on strategies for finding and managing security architects. And it’s not Posh Spice who’s got the attention of Maze; it’s just her M&A advisors. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/114
Post By: Adam Turteltaub. A hospital has a patient with COVID-19. Can it share this information with the media if the patient isn’t named? A patient in the ER hears the person in the next room coughing. He asks if that person has COVID-19. Can you tell him? An employee tells her boss she has COVID-19. What can the boss tell the rest of the office? The coronavirus pandemic has led to endless questions about what is and isn’t permissible in both healthcare and other settings. Tackling the issues in this podcast are Joan Podleski, Chief Privacy Officer, Children’s Health; Marti Arvin, Executive Advisor, CynergisTek; and Adam Greene, Partner, Davis Wright Tremaine. As they explain, for healthcare organizations there needs, as always, to be great sensitivity to HIPAA and what is considered protected health information (PHI). For employers in the rest of industry, HIPAA generally doesn’t apply, but the Americans with Disabilities Act (ADA) may limit what you can and cannot share. It can even affect how you store the information about a COVID-19 patient in your systems. Compliance teams need to be alert to these and many other potential issues. Our podcast guests also advise compliance teams to ensure that IT systems are being used properly by remote employees. The family sitting around the dinner table is great at dinner, but not if there is PHI that the kids can see. Listen in to learn more about permissible, impermissible and accidental disclosures in the time of COVID-19.
In this episode of The Risk Perspective, we are joined by David Holtzman, Executive Advisor at CynergisTek and industry-recognized HIPAA expert. We are also excited to be joined by a new guest, Andrew Mahler, Senior Manager of Privacy and Compliance Services at CynergisTek. Andrew has a background serving as an Investigator for the U.S. Department of Health and Human Services Office for Civil Rights (OCR). Together, Andrew and David highlight and discuss major HIPAA violations in the past, speak about the importance of OCR regulations and involvement, and talk about how HIPAA disclosures to the media have changed during the time of COVID-19. This 34-minute episode deep dives into HIPAA media disclosures and is sure to benefit all listeners, from marketing specialists to CISOs. Links to content and articles: Read David Holtzman's blog 'OCR Warns Hospitals: No News Media in Treatment Areas Without Patient Authorization', written on May 27, 2020. David Holtzman was recently quoted in HealthcareInfoSecurity's article 'Inside Job at Clinics: Mobile Phone Used for Fraud', written by Marianne Kolbasuk McGee, discussing potential risks posed by employees inappropriately using personal devices during COVID-19. For a full repository of COVID-19 crisis resources, visit our CTEK COVID-19 Communications page for news, articles, podcasts, and more. Contact us with any questions regarding the regulatory changes during the COVID-19 crisis.
Marti Arvin, Executive Advisor at CynergisTek and industry-recognized compliance thought leader, joins us for this week’s episode #19, “Compliance Does Not Stop for Covid-19”. In this episode, Marti breaks down the seven elements of an effective compliance program and applies them to the current Public Health Emergency/Coronavirus pandemic. “Covid-19 has created a crisis for every Healthcare organization. How they handle [it] is going to vary, but compliance does not stop for Covid-19,” says Marti. Listen to this episode for a high-level yet informative overview of the compliance considerations your organization needs to continue during these trying times. Links: Listen to Marti Arvin's previous podcast episodes, CMS Waivers For Hospitals Under COVID-19: An overview of compliance considerations - Part I, Part II, and Part III. Download our 30/60/90 day checklist, “Planning for Incident Response During the COVID-19 Crisis: Tales on Tackling the Security Debt.” For a full repository of COVID-19 crisis resources, visit our CTEK COVID-19 Communications page for news, articles, podcasts, and more. Contact us with any questions regarding the regulatory changes during the COVID-19 crisis.
CynergisTek's Executive Advisor Marti Arvin and first-time guest Andrew Bindner, Senior Offensive Security Consultant for CynergisTek, join us today to discuss the importance of keeping up a strong privacy and security program during a high-priority pandemic such as COVID-19. Andrew and Marti talk about why privacy and security work has to go on even in the current environment, and weigh the risks that an organization may face if leadership decides to minimize its privacy and security efforts. Links: Download our checklist, “Planning for Incident Response During the COVID-19 Crisis: Tales on Tackling The Security Debt”. For a full repository of COVID-19 crisis resources, visit our CTEK COVID-19 Communications page for news, articles, podcasts, and more. Contact us with any questions regarding the regulatory changes during the COVID-19 crisis.
A cyberattack with kinetic effect. Shiny Hunters post more stolen wares online. Thunderspy and evil maids. Some developing background to the US bulk power state-of-emergency Executive Order. Contact tracing apps: reliability, privacy, security, familiarity, and rates of adoption all raise questions. The economic consequences of the pandemic emergency. Caleb Barlow from CynergisTek on Alan Brunacini’s concept of an Incident Action Plan. Our guest is James Yeager from CrowdStrike on their Global Threat Report. And the reappearance of the yellow press in social media. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/May/CyberWire_2020_05_11.html
Carrie Whysall, Director of Managed Security Services for CynergisTek, joins us to discuss supply chain and third-party risks and why managing the level of risk brought into your organization is so important. Carrie breaks down the impacts your organization could be facing due to the COVID-19 pandemic. She examines the importance of vendor security management and the process of building and maintaining relationships with your vendors, so that you have a clear understanding of the services being provided and the risks that may be inherent in that relationship, especially in regard to new telehealth vendors you may be using during the COVID pandemic. Carrie also discusses what an effective VRM program entails and how your VRM program can help you determine, manage, and monitor potential third-party risks. To view Carrie's slides via Slideshare visit: https://insights.cynergistek.com/slideshares/supply-chain-and-third-party-risks-during-covid-19
David Holtzman, Executive Advisor for CynergisTek, sits down to discuss how healthcare organizations can flatten the curve in the spike of cybersecurity incidents that we are seeing during the COVID-19 pandemic. He discusses strategies to leverage training materials designed to increase the information security IQ of health care providers and administrative staff working from home or using their personal devices to access information networks. David also explores why video conferencing and text messaging technologies that meet the requirements of the HIPAA Security Rule standards could provide healthcare organizations resilience in this exceptional time. Read David Holtzman's article "COVID-19: Tips for Secure Remote Worksites, Telehealth Video, and Messaging" for more information about telehealth and remote worksites.
Reports to the contrary notwithstanding, as far as anyone really knows, North Korea’s Kim is still large and in charge. Poland reports a Russian disinformation effort. The EU issues a controversial report on COVID-19 disinformation amid accusations that Europe is knuckling under to Chinese pressure. A cyberattack on wastewater treatment systems in Israel is reported. And the old Hupigon RAT is back, and looking for love. Caleb Barlow from CynergisTek on responsibilities during an incident, from the SOC operator to the CEO. Our guest is Dave Weinstein from Claroty on threats and existing security violations facing U.S. critical infrastructure. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_27.html
Matt Dimino, Medical Device Security Consultant with CynergisTek, joins us to discuss cyber hygiene for clinical equipment and the precautions you should take while these devices are in high demand. Matt breaks down best practices and considerations healthcare delivery organizations should undertake to improve safety and reduce the attack surface of the medical device ecosystem during the COVID-19 emergency. You may find Matt's related blog on practicing good cyber hygiene for medical equipment during COVID-19 at https://bit.ly/2VtG78l. You may also read Matt's article on supporting medical equipment demands during COVID-19 at https://bit.ly/3au7C6d
David Holtzman, Executive Advisor for CynergisTek, sits down to discuss how healthcare organizations can flatten the curve in the spike of cybersecurity incidents that we are seeing during the COVID-19 pandemic. He discusses strategies to leverage training materials designed to increase the information security IQ of health care providers and administrative staff working from home or using their personal devices to access information networks. David also explores why video conferencing and text messaging technologies that meet the requirements of the HIPAA Security Rule standards could provide healthcare organizations resilience in this exceptional time. Podcast links: View the HHS.gov Emergency Preparedness Disclosures chart: https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/understanding/special/emergency/emergencyprepdisclose.pdf Read a contributing article from David Holtzman, Tips for Secure Remote Worksites, Telehealth Video, and Messaging: https://bit.ly/3br5jlz Read a recent article from David Holtzman about how OCR relaxed HIPAA Rules for COVID-19 testing sites: https://bit.ly/3eBZKmp
We often hear cybersecurity professionals talking about red teams, blue teams, and purple teams. In this episode of CyberWire-X, we investigate what those terms mean, how security teaming approaches have changed over time, and the value of teaming for organizations large and small. Join us for a lively conversation with our experts Austin Scott from Dragos, and Caleb Barlow, from Cynergistek in part one. In part 2, we’ll also hear from Dan DeCloss from Plextrac, the sponsor of today’s episode.
Matt Dimino, Medical Device Security Consultant with CynergisTek, joins us today to discuss the challenges we are facing during the COVID-19 crisis, the use of medical devices, and the threat of not having enough equipment to accommodate COVID-19 patients during the crisis. Matt talks in depth about the strategic measures clinical leadership, information technology teams, and clinical engineering should be taking over the next couple of months. Matt also looks at basic medical equipment and how it can be the most impactful during the COVID-19 crisis. To read more about supporting medical device equipment demands during COVID-19, read our latest blog post written by Matt at https://insights.cynergistek.com/blog/supporting-medical-equipment-demands-during-covid-19
Dave shares the details of New York’s new data breach notification law and how it may affect businesses. Ben examines the Electronic Frontier Foundation’s approach to evaluating government demands for new surveillance powers. And later in the show our conversation with David Holtzman from CynergisTek. We’ll be looking at how HIPAA privacy and security standards have been impacted by the federal response to the Covid-19 pandemic. Links to stories: New York’s New Data Breach Notification Law: What Businesses Should Know How EFF Evaluates Government Demands for New Surveillance Powers Listener on the line: First-Ever CCPA Cause of Action Filed in a Federal Court, but Is This Class Claim Short-Lived? Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com or simply leave us a message at (410) 618-3720. Hope to hear from you. Thanks to our sponsor, KnowBe4.
This podcast features David Holtzman, Executive Advisor for CynergisTek, who discusses how healthcare providers can remain compliant with the HIPAA privacy, security and breach notification rules during the COVID-19 pandemic. Learn how the HIPAA privacy and security standards have been impacted by the federal government's response to the pandemic; the rules for sharing PHI in a public health emergency; which messaging and video conferencing applications are safe to use for telehealth; the status of HIPAA enforcement; and what constitutes “good faith” in treatment and is not subject to penalty. He recommends healthcare organizations visit the OCR website at https://www.hhs.gov/hipaa/ for the latest information. Our podcast host is Janet Kennedy of Get Social Health.
Marti Arvin, Executive Advisor at CynergisTek, joins us to talk about compliance considerations and ensuring that compliance concerns don't slip in the rush to telehealth during the coronavirus (COVID-19) outbreak. Marti breaks down the recent announcements from DHHS, OCR, and CMS and discusses what was in place pre-COVID and what has changed with the COVID crisis. You may read the latest blog post on the subject at https://insights.cynergistek.com/blog/telehealth-and-coronavirus-compliance-considerations-to-think-about. OCR Allows Internet Apps for Telehealth During COVID-19 Emergency blog post: https://insights.cynergistek.com/blog/ocr-allows-internet-apps-for-telehealth-during-covid-19-emergency
Operation Pinball roils up Eastern Europe and the Near Abroad. Crooks who can’t write idiomatic American English are spoofing emails from the White House in a COVID-19-themed phishing campaign. CISA updates telework guidelines for Federal agencies. Some GDPR fines are deferred until after the pandemic. Zoom continues to reel from its success. And fleeceware is found in the iTunes store. Caleb Barlow from CynergisTek on OODA loops. Our guest is Or Katz from Akamai on how current industry (and employee) phishing defenses are being bypassed by attackers. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_09.html
Caleb Barlow, president and chief executive officer of Cynergistek, shares best practice VPN strategies, in the wake of the COVID-19 pandemic and the increase in telehealth and remote work. He outlines recommended tech and policies, as well as the current threat landscape as hackers seek to profit from the national emergency.
Marti Arvin, Executive Advisor for CynergisTek, sits down to talk about user access monitoring in the COVID crisis: what organizations should be doing on a routine basis, and why it matters during the COVID-19 crisis. To watch this episode in video format while listening, visit https://youtu.be/4cW93dpmPDo. Read Marti's blog "User Access Monitoring in the Current COVID-19 Crisis".
David Holtzman, executive advisor at CynergisTek, talks about OCR and its recent notification regarding its enforcement discretion in applying penalties for violations of the HIPAA rules for health care providers using telehealth during the current coronavirus (COVID-19) health emergency. If you would like to view the slides while listening to this episode, visit https://youtu.be/ngtN7NQoMX4.
Welcome to CTEK Voices: The Risk Perspective, hosted by Lauren Frickle of CynergisTek. This regular podcast series will address cybersecurity, privacy, and compliance issues related to the coronavirus pandemic and will focus on healthcare providers and companies that provide products and services to the healthcare sector. Our recognized industry subject matter experts will address multiple topics ranging from cybersecurity to medical devices, to supply chain, and so much more.
CISA reports a ransomware infestation in a US natural gas compression facility; it arrived by spearphishing and there are, CISA thinks, larger lessons to be learned. A new threat actor, possibly linked to China’s government, is running an espionage campaign against gambling and betting operations in Southeast Asia. More notes on firmware signatures. Huawei loses one in US Federal Court, and the defense asks for a mistrial in the Vault 7 case. Caleb Barlow from CynergisTek on Wigle and the impact your SSID name can have on your privacy. Our guest is Anita D’Amico from CodeDX on which developers and teams are more likely to write vulnerable software. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_19.html Support our show
UN agencies in Geneva and Vienna were successfully hacked last summer in an apparent espionage campaign. Avast shuts down its Jumpshot data analysis subsidiary and resolves to stick to its security last. Facebook reaches a preliminary $550 million settlement in a privacy class-action lawsuit. SpiceJet and Sprint suffer data exposures. LiveRamp was compromised for ad fraud. And Russia blocks ProtonMail and StartMail. Caleb Barlow from Cynergistek on the business impact of ransomware on a hospital. Our guest is Matthew Doan, cybersecurity policy fellow at New America, discussing his recent Harvard Business Review article “Companies Need to Rethink What Cybersecurity Leadership Is.” For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_30.html
Iran took some missile shots at two US air bases in Iraq last night, and President Trump barked back in a late morning press conference, but actually both sides seem inclined to move toward de-escalation. No major Iranian cyberattacks have developed, despite some low-grade skid vandalism of indifferently defended sites, but CISA’s warnings seem generally to be taken seriously. And the Cyber Solarium gave a preview of its recommendations for a US national cyber strategy. Caleb Barlow from CynergisTek with insights on potential cyber attacks from Iran. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/January/CyberWire_2020_01_08.html
CynergisTek is a top-ranked cybersecurity firm dedicated to serving the information assurance needs of the healthcare industry. CynergisTek offers specialized services and solutions to help organizations achieve privacy, security, and compliance goals. Since 2004, the company has served as a partner to hundreds of healthcare organizations and is dedicated to supporting and educating the industry by contributing to relevant industry associations. The company has been recognized by KLAS in the 2016 and 2018 Cybersecurity reports as a top performing firm in healthcare cybersecurity, as well as the 2017 Best in KLAS winner for Cybersecurity Advisory Services.
A defection and a leak expose Chinese espionage and social control operations. Data aggregation and enrichment seem to underlie a big inadvertent data exposure. Something seems to be up in Kazakhstan’s networks. The US FCC takes a swing at Huawei and ZTE. Russia moves closer to its desired Internet sovereignty. A Chuckling Squad member is in custody. A spy goes to prison, cyber hoods do time, and the rats are up to no good in Estonia. That’s the rodents, not the Trojans. Caleb Barlow from Cynergistek with insights gained from a scammer’s call. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_25.html
Clickfraud arrives via a third-party SDK, and the app developers who used it say they didn’t know nuthin’. Maybe they didn’t. A Trojanized TOR browser warns its bro’s that, whoa, you’re out of date and the police might see you, but it’s really just stealing the bros’ alt-coin. WiFi bugs are fixed in Kindle and Alexa. Don’t try to jailbreak your iPhone from a sketchy Checkrain site. Two Big Tech companies take different directions on free speech. And Russia gets an assist from Uncle Sam. Craig Williams from Cisco Talos on Tortoiseshell creating a fake veterans’ job site. Our guest is Caleb Barlow from Cynergistek on the challenges of securing medical records. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_18.html
The Airbus supply chain is reported to be under attack, possibly by Chinese industrial espionage operators. Phishing campaigns impersonate Google Cloud services. A new commodity information stealer is on offer in the black market. The vBulletin zero-day was weaponized surprisingly quickly. DoorDash discloses a hack that exposed almost five million persons’ data. And a look at JTF Ares operations against ISIS shows commendable attention to increasing the enemy’s friction. David Dufour from Webroot on the need for a variety of areas of expertise in security. Our guest is Caleb Barlow, CEO and President of Cynergistek, discussing the security implications of being CEO of a public company. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_27.html
The Association for the Advancement of Medical Instrumentation Podcast - AAMI
Staying ahead of mounting healthcare cybersecurity threats will require a unified approach on the part of healthcare technology management (HTM) and information technology (IT) professionals. In this episode, Cory Brennan, a medical device security consultant for CynergisTek, discusses HTM-IT collaboration, developing a new generation of HTM professionals, risk assessments for medical devices, and establishing a unified regulatory approach to medical device security.
In episode 90 of our monthly show we discuss medical device security with John Nye, Senior Director of Cybersecurity Research and Communication at CynergisTek. Do you use an insulin pump, have a pacemaker or other medical device implant? Are you concerned about medical device security and what the future holds for technology like this? If […] The post Medical Device Security with Special Guest John Nye appeared first on The Shared Security Show.
By Adam Turteltaub, adam.turteltaub@corporatecompliance.org. Data risks are enormous for any organization these days, which is why Marti Arvin (Executive Advisor at CynergisTek) and Don Ahart (Internal Auditor, Hunterdon Healthcare) advocate for data management audits. As they explain on this Compliance Perspectives podcast (and also at the 2019 HCCA Compliance Institute), a data management audit is about the logistics of your data: where it is located, how it is classified, where it is stored, how it is used, who owns it, and who is responsible for maintaining it. That’s even more complex than it sounds, because the temptation is to just look across the network, forgetting that much data is saved on laptops, removable devices and even mobile phones. To avoid getting overwhelmed by the audit, they advise breaking it down into manageable parts and recognizing that this can be, and probably will be, a multi-year process: once you have the audit done you still need to remediate. Listen in to learn more about what to look for, how to prioritize risks, and how to make your remediation efforts successful.
This podcast is presented by CynergisTek, a top-ranked cybersecurity and information management consulting firm dedicated to serving the healthcare industry. The company has been named in numerous research reports as a top firm that provider organizations turn to for privacy and security, and won the 2017 Best in KLAS award for Cyber Security Advisory Services. In … Continue reading Episode 14: Managing the Aftermath of a Cyber Incident with a Strategic Incident Response feat. David Finn
Cybercrime Magazine interviews a small giant of cyber, Mac McMillan. He has over forty years of experience in security and risk management in both the Government and Industry sectors. He is Co-Founder and CEO of CynergisTek, Inc., an information security services firm specializing in consulting and managed privacy, security and audit services for Healthcare; former Director of Security for two Defense Agencies (OSIA/DTRA); and a retired Marine officer. He serves as Chair of the HIMSS Privacy & Security Policy Task Force, is a member of several healthcare IT periodical editorial boards, and is a writer and national-level speaker on data security in healthcare. 2012 HIMSS Fellow; 10 Most Influential in Healthcare Security, 2013. Sponsored by: https://cynergistek.com/ For more on cybersecurity, visit us at https://cybersecurityventures.com/ Follow Cybersecurity Ventures / Cybercrime Magazine here: LinkedIn: https://linkedin.com/company/cybercrime-magazine/ Twitter: https://twitter.com/CybersecuritySF Apple Podcasts: Cybercrime Magazine Podcast
Compliance Mastermind: Strategies for your healthcare compliance program and your career
Today on the show I am talking with Marti Arvin. Marti is the Vice President of Audit Strategy for CynergisTek and has more than three decades of operational and executive leadership experience in the fields of compliance, research, and regulatory oversight in both academic medical and traditional hospital care settings. Marti and I are talking about vendor management. This is one of those areas that I think can be very overwhelming, and it's hard to know where to start. In our conversation Marti provides some very practical suggestions and tactics to help you evaluate your organization’s vendor relationships and ensure that you have the appropriate controls in place. You can reach Marti at: marti.arvin@cynergistek.com or https://cynergistek.com Podcast website: www.compliancemastermind.com Rebekah can be reached at: compliancemastermind@gmail.com Remember to subscribe to the show! Disclaimer: On this podcast I speak only for myself, and what I share are the opinions of me alone. My guests also speak for themselves only and do not represent the opinions of their firms or organizations. All content provided on this podcast is for information purposes only. Neither I nor my guests make any representations as to the accuracy or completeness of any information on the podcast or in the show notes. This podcast should not be used in any legal capacity whatsoever. Please consult a qualified attorney before taking any action that could have legal implications for you or your business.
John Nye (@EndisNye_com) is the VP of Cybersecurity Strategy at healthcare consultancy #CynergisTek. He's in the process of writing a whitepaper about the issues that are still plaguing healthcare. While every industry in the world has to deal with #security issues, the stakes are highest, and most personal, in healthcare. Because healthcare data is highly sensitive, a breach can cause major problems for the individual and #healthcare organization — in addition to embarrassment and sometimes extortion or blackmail. We go over some of the things he's found, and discuss how we could address these issues. Ms. Berlin's course "Disrupting the Kill Chain" is planned to start on the 5th of February, and will be 4 sessions, with new material if you've seen her workshop at previous conferences. The cost of the class will be $100 USD for access to our Zoom webex. If you'd like to gain access to the videos we'll have for the class, you can buy access to them for $50 USD. Sign up with our Paypal link: Paypal -- When paying, if you want us to send you a different email from your Paypal email, please add it to the 'NOTE' section during your payment. Direct Download: http://traffic.libsyn.com/brakeingsecurity/2018-002-John_Nye-Healthcares-biggest_issues-ransomware.mp3 #Spotify: https://brakesec.com/spotifyBDS RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite Join our #Slack Channel! 
Email us at bds.podcast@gmail.com or DM us on Twitter @brakesec #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec From our friends at Hack In the Box Amsterdam: "We are gearing up for the Hack In The Box Amsterdam 2018, which is now on its 9th edition, and will take place between the 9th and 13th April at the same venue as last year, the Grand Krasnapolsky hotel in the center of Amsterdam: https://conference.hitb.org/hitbsecconf2018ams/ The list of trainings is already published and looking as awesome as ever: https://conference.hitb.org/hitbsecconf2018ams/training The CFP is open and the review board is already hard at work with the first submissions." "If you have an interesting security talk and fancy visiting Amsterdam in the spring, then submit your talk to the Hack In The Box Amsterdam conference, which will take place between 9 and 13 April 2018. The Call For Papers is open until the end of December, submission details can be found at https://cfp.hackinthebox.org/. Tickets are already on sale, with early bird prices until December 31st. And the 'brakeingsecurity' discount code gets you a 10% discount".
CynergisTek is a cybersecurity and information management consulting firm dedicated to serving the healthcare industry. In this podcast, David Holtzman, VP of Privacy and Security Compliance Services, discusses cybersecurity threats like ransomware and how CynergisTek can help. Feel free to leave a comment/review! Visit us at: https://nchica.org/ https://www.facebook.com/NCHICAOrg/ https://www.linkedin.com/company/nchica Twitter @NCHICAorg
CynergisTek is a cybersecurity and information management consulting firm dedicated to serving the healthcare industry. In this podcast, Clyde Hewitt, VP of Security Strategy, discusses some of the new cybersecurity challenges faced by healthcare organizations today, and how CynergisTek can help. Feel free to leave a comment/review! Visit us at our website, Facebook page, LinkedIn, and Twitter: https://nchica.org/ https://www.facebook.com/NCHICAOrg/ https://www.linkedin.com/company/nchica Twitter @NCHICAorg
In this episode, Clyde Hewitt, VP Security Strategy at CynergisTek, discusses the current healthcare cybersecurity landscape and what hospitals should be doing to protect themselves today. Mike Passanante: Hi, this is Mike Passanante. And welcome back to the Hospital Finance Podcast. Today, I'm joined by
In this episode: Andy Grolnick, CEO of LogRhythm, is our feature guest this week. News from: Oracle, Red Canary, Denver Startup Week, LogRhythm, ManagedMethods, Secure64 and more! Full show notes: https://www.colorado-security.com/news/2017/9/16/33-918-show-notes

Sure it'll only take 14 minutes to get from Denver to Pueblo, but will the wifi work? This could bring a whole new meaning to "tubing in the rockies." Oracle is laying off a lot of people, as they shift to a cloud focus, Red Canary makes a list of growing CO companies, Colorado = Security is taking over Denver Startup Week, LogRhythm integrates with Cisco, and some thought leadership pieces by ManagedMethods, and Secure64. And probably a little chatting about that Equifax thing too, while we're at it.

Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. We're continually working to improve the show, and appreciate the feedback we get from our listeners. If you discover any audio issues, or have suggestions for our format, let us know. This week's episode is available on Soundcloud, iTunes and the Google Play store. Reach out with any questions or comments to info@colorado-security.com

Feature interview: Andy Grolnick graces us with his presence this week. Andy is responsible for leading LogRhythm through tremendous growth. He talks about the challenges of scaling a company, why they're doing it in Colorado, and what he sees next. As mentioned, Robb previously interviewed Chris Peterson, LogRhythm founder. Check that out here: https://inforeck.wordpress.com/2014/04/21/an-interview-with-logrhythms-chris-petersen/

Local security news:
Colorado = Security store! Buy things now
Transportation by tube coming to Colorado?
Oracle cuts 2500 jobs amid cloud push
Working from home on the rise in Denver; here are 12 metro-based companies hiring right now
Regis University hosting STEM event to expose girls to tech's hottest job sector: cybersecurity
LogRhythm Enhances Cisco's Security Hardware and Software Portfolio
Managed Methods Blog: Why the Architecture of your CASB Matters
Secure64 Opinion Piece: What would happen if the DNS of the internet were compromised?
Vector8 - Threat Hunting and Advanced Analytics Course

Job Openings:
State of Colorado - Criminal Investigator II - Cyber Crime Investigator
Red Sky Interactive - Senior Sales Executive - Colorado
Deloitte - Cyber GRC Technical Architect Sr Consultant - Archer
Coalfire - Project Manager
Lockheed Martin - Cyber College Development Program
Ball Aerospace - Information Systems Security Officer I
LGS Innovations - Reverse Engineer II
Pearson - Director, Global Product Information Security Officer (PISO)
ViaSat - Network Security Engineer
Lockheed Martin - Cyber Security Director
InteliSecure - Director, Information Security, Governance, Risk & Compliance

Upcoming Events:
This Week and Next:
SANS/LogRhythm - SEC511: Continuous Monitoring and Security Operations - 9/18-23
OWASP - September Chapter meeting - 9/20
Corus360 Security Symposium - 9/21
ISC(2) - Denver Meeting - John R. Nye, CynergisTek, Inc. - 9/21
DenverSec - North Meetup - 9/21
Cybertech Girls - 9/23
Denver Startup Week - Cybersecurity - Compliance & Security Panel - 9/25
SANS Rocky Mountain Fall - 9/25 - 9/30
CISO Advisor Alliance - Leadership Summit - 9/26-27
NCC - Cyber Healthcare Exercise - 9/27
Denver Startup Week - Security Founders Panel - 9/27

Other Notable Upcoming Events:
SecureWorld Denver - 11/1-2
NCC - Governor's Cyber Symposium - 11/1-3
CTA - APEX Awards - 11/8
View our events page for a full list of upcoming events

* Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here.
* Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
In this episode: Randall Frietzsche, new CISO at Denver Health, is our feature guest this week. News from: Equifax, Amazon, Optiv, Webroot, Convercent, Ping Identity, SecureSet, Swimlane and more! Full show notes here: https://www.colorado-security.com/news/2017/9/5/32-911-show-notes

Who's tracking Equifax's credit score? The biggest breach in history happened this week, and it likely impacted you. And: Denver's going to put up a fight to land Amazon's home away from home, Optiv adds two big names to their board, Webroot names a new CEO, Convercent is trying to make Denver a more ethical place, Ping Identity is touring, SecureSet gives us the skinny on NICE, and Swimlane's blog is worth a read.

Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. We're continually working to improve the show, and appreciate the feedback we get from our listeners. If you discover any audio issues, or have suggestions for our format, let us know. This week's episode is available on Soundcloud, iTunes and the Google Play store. Reach out with any questions or comments to info@colorado-security.com

Feature interview: Randall Frietzsche, CISO and Privacy Officer at Denver Health, was our guest this week. Randall shared with us how he tackled getting integrated into a new company, advice for other new CISOs, where he sees the industry going, and his view on the Colorado security scene.

Local security news:
Colorado = Security store! Buy things now.
Equifax mega-breach
Alleged Equifax hackers demand $2.6 million Bitcoin ransom — or else...
The Competition to Host Amazon's Second American Headquarters Is On
Optiv adds two big name board members
Mike Potts Named as Webroot CEO; Dick Williams to Retire
Convercent Hosts Second Annual Ethics & Compliance Event, CONVERGE17 - 10/3-5
Ping Identity Announces Identify 2017 Customer Conference Series
SecureSet Blog: New NICE Framework Creates Consistency for Employers and Agencies
Swimlane blog: Realizing an Information Security Risk Management Framework

Job Openings:
WOW! - Senior Security Engineer
ProLogis - Senior Security Analyst
Vertafore - Application and Product Security Manager
Ping Identity - IT Systems Administrator
Proofpoint - Senior Sales Engineer
Tenable - Regional Sales Manager - West
SecureSet - Careers Services Manager
Pearson - Cloud Security Architect
Security Wolfe - Cybersecurity Consultant
OpusBank - Sr Information Security Program Manager

Upcoming Events:
This Week and Next:
ISSA September Chapter Meetings (Deon Mahafee) - 9/12-13
CTA - Insights Series with Forrester Research - 9/13
ISSA COS - September Chapter Meetings - 9/13-14
ISSA - Women in Security SIG - 9/14
SecureSet - Career Conversations: Hilary Constable on Utilizing Your Network - 9/14
CCSK Training - 9/16
ISSA COS - Mini Seminar - 9/16
SANS/LogRhythm - SEC511: Continuous Monitoring and Security Operations - 9/18-23
OWASP - September Chapter meeting - 9/20
Corus360 Security Symposium - 9/21
ISC(2) - Denver Meeting - John R. Nye, CynergisTek, Inc. - 9/21
DenverSec - North Meetup - 9/21
Cybertech Girls - 9/23

Other Notable Upcoming Events:
SecureWorld Denver - 11/1-2
NCC - Governor's Cyber Symposium - 11/1-3
CTA - APEX Awards - 11/8
View our events page for a full list of upcoming events

If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com

* Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here.
* Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
Clyde Hewitt of CynergisTek discusses cybersecurity threats facing the healthcare industry. Hear his full talk on Tuesday, Sept. 12 at the NCHICA Annual Conference in Durham, NC.
David Holtzman of CynergisTek reviews the 2017 HIPAA audit process, lessons learned from the 2016 desk audits, and explains the steps organizations can take to prepare for an audit. You can hear his full presentation on Monday, Sept. 11 at the NCHICA Annual Conference in Durham, NC.