A Candid Conversation with Healthcare Security Expert Bill Pelletier

Healthcare security veteran Bill Pelletier has seen the industry from all sides. In this episode he shares his thoughts on what 2021 may look like for security vendors and CISOs alike.

Show Notes

Join this episode of In Scope, a podcast about healthcare security, with the best interviews, technical tips, and insights on the challenges facing the ever-changing healthcare ecosystem. In today’s episode, host Mike Murray is joined by two members of the Scope team—Jeremy Richards and John Daniele—to look at 2021 and where they see the world going.

Mike starts-off the conversation with reflection on the attack against the solar winds infrastructure, along with the attackers in 2020. What do these realities presage going into 2021? John jumps into the discussion in talking about the solar winds hack and related fallouts. Not only are more attacks against service providers to be expected, but these providers are serving as conduits to the real victims and targets. Find out more about the phishing campaign of those involved in the distribution of the COVID vaccine and how supply chain hacks are on the rise. John says the full impact has not yet been felt from these fallouts, but we are soon going to feel what a compromised supply chain looks like.

Learn about the FireEye hack and how they released detection signatures for their very own tools so quickly after finding that they were compromised. We are inheriting a mess that will need cleaned up, but Jeremy and John talk about how it is only the “noisy” side of things that we have even started to see the impacts of.

The conversation shifts to ransomeware gangs and how cyber criminal gangs are escalating the pressure against their targets. Finding new ways to submit vulnerabilities, Mike asks how we can dis-incentivize these gangs from being involved in such criminal activities. Find out more about the government’s role and why organizations should collaborate more with the law enforcement.

Mike shifts directions to discuss the themes of 2021 that are to be expected with technology and the digital enablement in the medical field. Jeremy and John share about the EHR cloud native, EMR phishing, and how hackers are recognizing the crucial importance this data base for records truly has. With a need to focus more on security and gaining increased monitoring, many organizations are lacking in developing these exact pipelines. While API security challenges have not been fully recognized, the idea that healthcare is becoming more API operated is inherent. They also touch on the importance of guarding the availability and accessibility of models, so as not to give attackers too much crucial information to gain the upper-hand.

This episode draws to a close with one last prediction—business model shifts. What are cyber security ramifications with the shift and current landscape? Finances are being put into security, and there is a demand for consolidating tools and using what you have, but what is the importance of the overall digital transformation? With a lack of data and information to build good detection models, how can we bolster the ability to gather the amount of data needed to build good detection for future threats? If hospitals focus on this digital transformation, the data may increase to drive cyber security with the necessary tools! Find out that even if devices are designed securely, monitoring and operating them securely is the real challenge. Mike reminds us that these are simply predictions and we’ve all learned how quickly realities can shift from beneath us. Next year, we’ll see just how off these predictions for 2021 were!

Don’t forget to share, like, and subscribe to this podcast!

Timestamps

0:21 – Host Mike Murray introduces the show

0:31 – Guests Jeremy Richards and John Daniele are welcomed on

0:59 – Attack against solar winds infrastructure

1:16 – What is presaged going into 2021?

4:25 – FireEye hack

5:39 – Ransomeware gangs

11:15 – Role of government and law enforcement

13:07 – Themes to be expected in 2021

16:07 – API focused

20:36 – Availability and accessibility concerns

22:03 – Business model shifts

Links

Go to the Scope Security website to learn more, sign up, and never miss another episode!
Connect with Jeremy Richards on LinkedIn.
Connect with John Daniele on LinkedIn and Twitter.
Follow Scope Security on LinkedIn and Twitter.
Learn more about FireEye.
If you have ideas for topics, guests, or technical tips, contact [email protected]

Get Scope OmniSight™ Request Demo