We took a red eye flight from SFO to Boston on Sunday to attend the HIMSS Privacy and Security Forum in Boston. Note to self: Don’t take cross country, red eye flights on Sundays. Yikes. We landed so early we rented a room at a discount hotel for six hours just to catch up on sleep.
The weather was cold and slushy as we arrived to the Westin Boston Waterfront. It was even colder however, during our Boston trip in April for the Medical Informatics World Conference.
HIMSS Privacy Workshop – Threat Intelligence: Head Off Attacks Before The Damage Is Done
I attended the session put on by Denise Anderson, Executive Director of NH-ISAC. Her presentation centered around sharing threat intelligence by NH-ISAC, the nation’s Healthcare and Public Health Information Sharing and Analysis Center.
They are responsible for making public all-hazards (physical and cyber) to our nation’s critical security infrastructure resilient.
Here are some things I learned from the session, Threat Intelligence: Head Off Attacks Before The Damage Is Done
- Hollywood Presbyterian Medical Center was hacked via a JBOSS vulnerability
- Locky Ransomware is still making the rounds among US healthcare systems
- STIX is a structured language for cyber threat intelligence. It has over 125 organizations as members.
HIMSS Privacy Session – Prepare and Protect: A Multi-Pronged Approach To Thwart Threats
Art outlined the steps CHA has taken to successfully secure its systems, including implementing new solutions, exploring new technologies, training providers and staff, and conducting preparedness drills.
I was especially impressed by his ongoing efforts to launch phishing campaigns, as a preventative training measure, upon his own userbase.
Afterwards, Art told me there’s a steak dinner bounty among his staff for whoever can trick him into clicking on a phishing link. I thought that was pretty cool.
We’re off to a Bruins game this evening. Looking forward to tomorrow.