Healthcare Security Pros Prioritize Sharing and Caring in the Wild, Wild West of Healthcare

Deborah McLain, Director, Heathcare & Life Sciences, Coalfire

Security professionals from healthcare delivery organizations (HDOs), medical device manufacturers, and pharmaceutical companies gathered in Scottsdale, Arizona for the NH-ISAC Cyber Rodeo Summit last month. The big topics were how to share more threat intelligence, while at the same time ensuring the highest level of patient care and safety.

Having attended the past four NH-ISAC biannual summits, I’m always pleasantly surprised at the close-knit circle of members as they share best practices and valuable threat mitigation strategies collectively, reducing the risk of potential attacks. Add to that the attendance of key health government agency leaders from the HHS and FDA who provide the latest information on regulatory and legislative affairs, and you get a week-long roundup of the best and the brightest.

The most popular sessions were like a stampede just to get a seat to hear panels of experts talking about topics from successful multi-factor authentication roll-outs to challenges with getting C-suite and board-level attention on security issues.

The keynote was delivered by Dr. Zubin Damania (alias ZDogg, MD) – a physician turned hip-hop rapper, who put his message to music with an entertaining medley of songs coupled with observations about the changing landscape of patient care – known as Healthcare 3.0. If we could hitch our security programs to the high energy level that Dr. Damania demonstrated, we’d have a huge head start in 2018.

Coalfire hosted a group of friends and clients for an evening of golf, dinner, and drinks at Top Golf where a good time was had by all. Luke McOmie, Director at Coalfire Labs, packed a standing-room-only session on how medical device manufacturers can use penetration testing to mature their product lifecycle processes. Other popular sessions covered Internet of Things (IoT), blockchain, Artificial Intelligence (AI), and machine learning . . . technologies that bring new challenges and security ramifications to the healthcare industry.

The exhibit floor was an open range of 45+ security technology providers, many of whom were Coalfire clients, using their third-party technical assessment white papers (authored by Coalfire assessors) to promote their secure solutions. From end-point security products to SIEM and encryption solutions, HDOs and life sciences organizations were part of a cattle drive to get more information from exhibitors.

As the conference wrapped up on the final evening with a bronco-bustin’ soiree at Copper Canyon, where serious discussions around third-party risk, malware detection, and ransomware took place, it was clear that attendees were armed with new ways to combat threats and manage risk in 2018 (as well as armed with rifles as they dressed in western wear for photo opps).

In all, NH-ISAC was more than just a rip-roaring good time peppered with a hint of western flavor, but also a very informative event rife with the latest information in cybersecurity advancements, best practices, and latest developments pertinent to healthcare.

Deborah McLain


Deborah McLain — Director, Heathcare & Life Sciences, Coalfire

Recent Posts

Post Topics



Accounting Agency AICPA Assessment assessments ASV audit AWS AWS Certified Cloud Practitioner AWS Certs AWS Summit bitcoin Black Hat Black Hat 2017 blockchain Blueborne Breach BSides BSidesLV Burp BYOD California Consumer Privacy Act careers CCPA Chertoff CISO cloud CMMC CoalfireOne Compliance Covid-19 credit cards C-Store Culture Cyber cyber attacks Cyber Engineering cyber incident Cyber Risk cyber threats cyberchrime cyberinsurance cybersecurity danger Dangers Data DDoS DevOps DevSecOps DFARS DFARS 7012 diacap diarmf Digital Forensics DoD DRG DSS e-banking Education encryption engineering ePHI Equifax Europe EU-US Privacy Shield federal FedRAMP financial services FISMA Foglight forensics Gartner Report GDPR Google Cloud NEXT '18 government GRC hack hacker hacking Halloween Health Healthcare heartbleed Higher Education HIMSS HIPAA HITECH HITRUST HITRUST CSF Horror Incident Response interview IoT ISO IT JAB JSON keylogging Kubernetes Vulnerability labs LAN law firms leadership legal legislation merchant mobile NESA News NH-ISAC NIST NIST 800-171 NIST SP 800-171 NotPetya NRF NYCCR O365 OCR of P2PE PA DSS PA-DSS password passwords Payments PCI PCI DSS penetration Penetration Testing pentesting Petya/NotPetya PHI Phishing Phising policy POODLE PowerShell Presidential Executive Order Privacy program Ransomware Retail Risk RSA RSA 2019 Safe Harbor Scanning Scans scary security security. SOC SOC 2 social social engineering Spectre Splunk Spooky Spraying Attack SSAE State Stories Story test Testing theft Virtualization Visa vulnerability Vulnerability management web Wifi women XSS