SANS Health Care Security Resources

The targeting and theft of sensitive health information continues to be a challenge. Increased regulation combined with a dynamic threat landscape requires today's health care leader to have a clear understanding of relevant legislation and how to measurably defend patient data and related systems. We can support you with practical advice for stopping even the most advanced attacks that may target your health care organization.

Webcasts

What you need to know about the SolarWinds Supply Chain Attack, Jake Williams

Deployment Kit for Securing Your Workforce at Home, Lance Spitzner

Introducing SANs Offensive Operations, Stephen Sims

Building an Enterprise Grade Home Lab, Ismael Valenzuela & Justin Henderson

CISSP Cram Session, Eric Conrad

Faster, Better, AND Cheaper: Improving security operations using open source tools, John Hubbard

Live Stream

Download notes from the Ransomware + Healthcare Live Stream here.


Download notes from the Privacy Officer Live Stream here.

Blog

Applying Cyber Hygiene to Defend Health Care Data and Systems, Greg Porter

Infographics

Top 6 HIPAA ePHI Exposures

HIPAA Compliance Dos and Don'ts

Infofliers

Ransomware + Healthcare: A Deadly Combination

What Your Privacy Officer is Trying to Tell You...If Only You Would Listen

Video Series - Doc's Shorts

HIPAA with Two A's

Whitepapers

SANS Top New Attacks and Threat Report, John Pescatore

Cybersecurity in the Age of the Cloud, Frank Kim

Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework, John Hubbard

Implementer's Guide to Deception Technologies, Kyle Dickinson

Generating Hypotheses for Successful Threat Hunting, Robert M. Lee & David Bianco

2020 SANS Cyber Threat Intelligence (CTI) Survey, Robert M. Lee

Detecting Malicious Activity in Large Enterprises, Matt Bromiley

A Plan for How to Get There and What to Do When You Arrive: Practical Advice on Establishing a Security Information Management Program within Healthcare, Barbara Filkins

Spends and Trends: SANS 2020 IT Cybersecurity Spending Survey, Barbara Filkins & John Pescatore

Making and Keeping Work-at-Home Operations Safe and Productive, John Pescatore

Hot Topics and Related SANS Resources

Ransomware

Webcast: Malware & Ransomware Solutions Forum

Blog: Finding a Cure for Ransomware

Blog: Turning Out the Lights on Ransomware

Livestream: Ransomware and Healthcare: A Deadly Combination

• Download Doc's notes from the Ransomware + Healthcare Live Stream here.

Ransomware + Healthcare in the News:

• Woman Dies During A Ransomware Attack on A German Hospital
• UHS Ransomware Attack Costs 67M in Lost Revenue, Recovery Efforts
• Ransomware Attacks on Healthcare Organizations Cost Nearly $21B Last Year, Study Finds
• Ransomware: In the Healthcare Sector

Ransomware and HIPAA Fact Sheet, pdf download

Ransomware Guidance, US HHS Office for Civil Rights, pdf download

Supply Chain/3rd Party Vendors

Webcast: Success Patterns for Supply Chain Security

Webcast: Combatting Cyber Risks in the Supply Chain

Webcast: How to Inject Security Into YOur Software Development Life Cycle - Close Security Gaps in Your Software Supply Chain Through Automation and Deep Analysis

Blog: Automated Hunting of Software Update Supply Chain Attacks

Blog: Six Presentations You Don't Want to Miss at Supply Chain Cybersecurity Summit

Webcast: New Year, Same Magecart: The Continuation of Web-based Supply Chain Attacks

Telemedicine

Webcast: How to Secure a Modern Web Application in AWS

Resource: Securing Web Application Technologies [SWAT] Checklist and Poster

Webcast: Choosing the Right Path to Application Security

Healthcare NetWars

The SANS Institute is super excited to announce our newest cyber range, exclusively focused on securing health care environments! In this series of challenges, you’ll help Generic Hospital deal with some major cybersecurity issues facing similar organizations around the world today. Generic Hospital’s cybersecurity staff has identified suspicious events that require an immediate investigation. Also, new medical IoT devices in the hospital need to be analyzed for vulnerabilities. What’s more, the organization has deployed a new telemedicine web application that requires a security test. And, to top it all off, Generic Hospital is being targeted with some nasty ransomware! Participants will build critically important cybersecurity skills in each of these areas vital to defending health care environments. Don’t miss this brand-new Health Care Mini-NetWars experience.

For more information, check out our flyer for our Healthcare NetWars.

But don't just take our word for it. Here's what an attendee of Healthcare NetWars had to say about it:

Top SANS Courses for Healthcare Organizations

Course Title	GIAC Certification
SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling	GIAC Certified Incident Handler (GCIH)
SEC401: Security Essentials Bootcamp Style	GIAC Security Essentials (GSEC)
FOR508: Advanced Incident Response, Threat Hunting, & Digital Forensics	GIAC Certified Forensic Analyst (GCFA)
SEC560: Network Penetration Testing and Ethical Hacking	GIAC Penetration Tester (GPEN)
MGT514: Security Strategic Planning, Policy, and Leadership	GIAC Strategic Planning, Policy, and Leadership (GSTRT)
MGT414: SANS Training Program for CISSP® Certification	GIAC Information Security Professional (GISP)
MGT512: Security Leadership Essentials for Managers	GIAC Security Leadership (GSLC)
FOR500: Windows Forensic Analysis	GIAC Certified Forensic Examiner (GCFE)
SEC542: Web App Penetration Testing and Ethical Hacking	GIAC Web Application Penetration Tester (GWAPT)