In Scope Healthcare Cybersecurity Podcast

In Scope is the healthcare cybersecurity podcast that tackles the critical security issues facing hospitals, clinics, and other healthcare delivery systems with healthcare security leaders and host, Mike Murray.


Security Whitepapers

Security considerations when acquiring a new healthcare organization.

Healthcare systems should prepare for a ransomware attack with the assumption – and the urgency – that they are already being targeted.
Overcoming the challenges of securing mission-critical medical devices from the growing threat of cyberattacks.

Scope Blog

We believe the best healthcare is delivered safely and securely. One way to do that is to eliminate the risk of cyberattack against our healthcare systems.


Getting to Know the Clinical Vulnerability Landscape

Threats against the clinical cyber environment come in many flavors. These threats range from automated malware and non-technical insiders to highly resourced cybercriminals and nation-state / Advanced Persistent Threat (APT) attackers. But even though the attackers and their motivations vary widely, all clinical threats take advantage of the same attack surface. Here’s what you need to know about the different threats facing the clinical vulnerability landscape.

Recalls, “Dark” Medical Device Vulnerabilities & The Cost for Healthcare Cybersecurity

When a flaw is discovered in an FDA-regulated product that can impact that product's ability to perform effectively and safely, they are required by the FDA to issue a "recall." Recalls are often newsworthy—we hear of recalls for drugs (when they have newly discovered side effects or are mislabeled) and even every day products like cat food (for contamination). Recalls for medical devices are often less newsworthy, but can be incredibly expensive.

Medical Device Patching: Understanding the Complexities

One of the most challenging issues around securing medical devices is involved in patching them. While the FDA is on record stating that “security patches do not require FDA approval,” device manufacturers often argue that the FDA validation process limits their ability to patch. Ultimately, both sides are correct. Unfortunately, this leaves hospitals and care delivery organizations holding the bag when it comes to vulnerable devices in their network.