NH-ISAC Fall Summit Recap and DMARC

TLP White

Fall Summit recap on this week’s Hacking Healthcare:

  1. Last week was the NH-ISAC Fall Summit in Scottsdale, Arizona. What a great week in the desert sun. Here are a couple of highlights:

ZDOGGMD delivered a powerhouse keynote – full of humor and insight. His message refocused the group on the purpose of the healthcare industry – helping people. He talked about his vision for a compassion-driven approach that unites patients, doctors, and technology to deliver better results. You can check out more of his stuff here: http://zdoggmd.com/

Included in the other presentations was a full track dedicated to medical devices. This is the fourth summit with a medical-device-specific track, and it continues to grow in size and scope. This year saw presentations around regulatory policy in both China and the U.S., including an appearance from Suzanne Schwartz of the FDA.

The conference also saw the launch of the new Cyber Outbreak tabletop exercise series. On Monday afternoon, 45 participants and observers joined the three-hour exercise. We plan on holding many more exercises at future Summits and throughout the year.

  2. Now is the time for DMARC – DMARC, a protocol for improving email authentication, is a widely accepted but chronically under-deployed best practice for securing email exchanges. It helps cut down on spear-phishing, one of the most prevalent vectors for cybercrime. DMARC is easy to implement and is supported by all the major email providers.

Adoption of DMARC is particularly beneficial in the healthcare sector – 57 percent of all email claiming to be FROM healthcare organizations is actually fraudulent. Despite its benefit, 98 percent of healthcare organizations are not utilizing DMARC protocols.[1]

NH-ISAC has joined a global challenge to increase the adoption of DMARC. The goal is to have members deploy DMARC in 90 days. This is inspired by DHS requiring all government agencies to begin implementing DMARC within 90 days.[2] Here’s a guide[3] on how you can take part.

[1] http://www.businesswire.com/news/home/20171128005546/en/Fifty-Seven-Percent-Email-%E2%80%9CFrom%E2%80%9D-Healthcare-Industry-Fraudulent

[2] [BOD 18-01] https://cyber.dhs.gov/

[3] https://www.globalcyberalliance.org/90-days-to-dmarc-a-global-cyber-alliance-challenge.html

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of NH-ISAC.
