Healthcare has been the most affected industry by ransomware, data breaches, and hacks. Every week there is news of yet another provider that has been hacked. In multiple cases, this has led to practices shutting down, and patients not even able to get their medical records. The guidance provided to many providers has not specifically addressed what organizations need to do to protect their patients and themselves. There has not been a specific list and toolset they can use to protect themselves, especially against the onslaught of attacks that take advantage of decreased security due to COVID-19.
In addition, there have been many snake oil companies out there that have only provided risk assessments, costing smaller providers tens of thousands of dollars, while not delivering anything of value. We want to change that and provide maximum value and immediate returns.
We want people to take what we've developed and released here and use it as guidance for developing their own information security programs at small practices while not wasting money for info they will not use. Our families and friends use these providers and give them their most personal information. We want to make sure that we give back. If we stop at least one attack and protect the information of those patients with this information, it's worth it.
Instead of a toolkit that is meant to demonstrate exploits, or a framework that takes a long time to implement, we're giving something that anyone can use to help their local providers out in securing the information their patients entrust them with.
Mitchell Parker, CISSP, is the CISO at IU Health. Mitch has done a significant amount of work in researching the effects of cloud and distributed computing, network-based threats, compliance, and privacy and security requirements on connected health devices. Mitch works collaboratively with a number of EMR, infrastructure, and biomedical equipment vendors to improve their security postures and provide a better quality of service. He currently resides in Carmel, IN, with his wife, two children, and two cats.
Tim Vidas is a Senior Distinguished Engineer at Secureworks working to foster innovation and help secure human progress. In the past, Tim has led the DARPA Cyber Grand Challenge infrastructure team, and overseen the digital forensics research group at CERT.
Tim earned highly esteemed DEF CON Black Badges for winning its Capture the Flag contest and is a member of The Shmoo Group, a nonprofit research think-tank comprised of security professionals from around the world. Tim holds a B.S. and an M.S. in computer science and a PhD in ECE from Carnegie Mellon University