Michael K. Giannopoulos

Hospitals in Maine, New Hampshire limit services after cyberattack on Catholic health org https://ift.tt/Z6tLkDa Three hospitals run by Catholic healthcare organization Covenant Health are dealing with a cyberattack that forced the facilities to shut off all access to data systems. via The Record from Recorded Future News https://ift.tt/Dw2FqnY May 30, 2025 at 02:56PM

1

🎯 Free Compliance Alignment — without the nonsense. Ever seen a compliance firm drop a 200-page “scope” doc that tells you everything you don’t need — just to run up the bill? Yeah… we’re not those guys. At Iron City IT Advisors , they take a straight-shooting, in-depth approach: ✅ Keep it in scope. ✅ Cut the fluff. ✅ Build something that actually fits your environment — not a generic checkbox factory. So we made something useful — and yep, it’s free (like actually free): 🚀 SOC 2 + NIST CSF Alignment Toolkit It’s a unified mapping where every SOC 2 Trust Services Criterion (CC1–CC9) ties directly to NIST CSF 2.0 controls — giving you one defensible, audit-ready playbook. You’ll get: 📘 A full SOC 2 → NIST CSF crosswalk ⚙️ Practical control examples you can use today 🧭 GRC implementation guidance 📊 Market insights and compliance trends Grab it here → https://lnkd.in/gdWNw52v Because good compliance doesn’t have to feel like punishment. #Cybersecurity #SOC2 #NISTCSF #Compliance #vCISO #GRC #AuditReady #IronCityITAdvisors #SecurityLeadership

4

2 Comments

Healthcare doesn't happen only in hospitals anymore.   So how do you architect security and access for an ever-changing industry?   UPMC's Dan Snyder is breaking it down TODAY at Gartner IT Symposium—sharing how they rebuilt connectivity for at-home clinicians and distributed care sites while keeping latency low, security tight, and privacy non-negotiable.   If you're rethinking your infrastructure or any distributed enterprise, this is the session to catch! #GartnerITSymposium #HealthcareIT #SASE #SDWAN #ZeroTrust #DataPrivacy #Telehealth #HealthcareInnovation #VersaNetworks #Cybersecurity #Versa #UPMC #ChannelPartners

25

Excellent new contribution to Claroty Nexus from Providence CISO Mike Ratliff on the #healthcare system's teardown of traditional #GRC. Providence's approach: GRAC — Governance, Risk, Attack Surface Management, and Compliance — is a risk-centric, threat-aligned function built for outcomes, not reporting, Ratliff writes. https://hubs.li/Q03yc3pB0

2

CISA just added a 2021 XSS bug in OpenPLC ScadaBR (CVE-2021-26829) to the Known Exploited Vulnerabilities catalog – because threat actors are *actively* using it against industrial systems. A few things worth worrying about here: - This is “just” an XSS, but it was enough to deface an HMI, kill logs/alarms, and move quickly toward disruption. - Default creds + unpatched OT software is still a winning combo for hacktivists. - Attackers are blending commodity web tactics with ICS targets, which means the bar to impact operational tech keeps dropping. If you’re running OpenPLC ScadaBR (or any HMI/SCADA exposed to the internet), this is a good reminder to: - Patch the affected versions - Kill default credentials - Treat your HMI web layer as a real attack surface, not an afterthought Article: https://lnkd.in/eJ9XeZAT Security is a streak you can’t afford to break.

2

1 Comment

Staying informed about emerging threats like AiTM phishing is critical. This blog provides a comprehensive overview of how attackers bypass MFA, leverage Phishing-as-a-Service platforms, and exploit session cookies. Learn how to strengthen defenses and hunt for these threats effectively.

6

Security architecture review evaluates your technology infrastructure against security best practices and regulatory requirements. Identify opportunities for improvement and risk reduction. https://lnkd.in/eR39YM55 #SecurityArchitecture #InfrastructureReview #RiskReduction

2

#TrendingReads Data security remains a critical challenge for health systems. A recent Becker’s Hospital Review article reports that Cottage Hospital in New Hampshire is notifying patients after an unauthorized party accessed parts of its computer network, potentially exposing sensitive patient information. The breach was discovered in December after files were removed from a single server. While the incident did not involve the hospital’s EHR system and did not disrupt patient care, it highlights how vulnerabilities can exist outside of core clinical systems. Patient data included names and, in some cases, additional personal and medical details such as insurance information, dates of service, and treatment data. As health systems continue expanding digital operations, protecting sensitive data across all platforms has become just as important as safeguarding EHRs. Incidents like this emphasize the need for strong access controls, continuous monitoring, and employee security training across the entire technology environment. Healthcare leaders are increasingly focused on strengthening safeguards while reducing operational complexity. Simplifying workflows, limiting unnecessary system access, and standardizing processes can help reduce risk while supporting day to day operations. The takeaway is clear. Security and operational efficiency must go hand in hand. Technology strategies should prioritize reliability, accountability, and protection of patient data across every layer of the organization. At Jorie AI, we design automation with security and operational integrity in mind. By embedding intelligence directly into revenue cycle workflows and reducing manual touchpoints, we help organizations support efficiency while maintaining strong controls and oversight. 📚 Read the full article here: https://bit.ly/3ZYX9f7 🔗 Explore how Jorie AI supports secure, scalable revenue cycle operations: https://bit.ly/3ZqBuME #JorieAI #TrendingReads #AIinHealthcare #HealthTech #RevenueCycleManagement #HealthcareAutomation

12