The targeting and theft of sensitive health information continues to be a challenge. Increased regulation combined with a dynamic threat landscape requires today's healthcare leader to have a clear understanding of relevant legislation and how to measurably defend patient data and related systems. We can support you with practical advice for stopping even the most advanced attacks that may target your healthcare organization.
Webcasts, Live Streams and Video Series
Webcasts
- What you need to know about the SolarWinds Supply Chain Attack, Jake Williams
- Deployment Kit for Securing Your Workforce at Home, Lance Spitzner
- Introducing SANs Offensive Operations, Stephen Sims
- Building an Enterprise Grade Home Lab, Ismael Valenzuela & Justin Henderson
- CISSP Cram Session, Eric Conrad
- Faster, Better, AND Cheaper: Improving security operations using open source tools, John Hubbard
- Cybersecurity for the Healthcare Industry, Gabriel Daniels
- Locked Out! Detecting, Preventing, & Reacting to Human-Operated Ransomeware, Ryan Chapman
- Cleveland Clinic Best Practices On Securing Unmanaged and IoT Devices, Kevin Tambascio, Jason Sinchalk & Russell Rice
Live Streams
- Ransomware and Healthcare: A Deadly Combination, Doc Blackburn
- What Your Privacy Officer is Trying To Tell You... If Only You Would LIsten, Doc Blackburn and Lori Hopper
Video Series
HIPAA With Two A’s, Doc Blackburn
SANS 3rd Annual Healthcare Forum
Tackling Challenges, Building Cyber Resilience
Whitepapers and Interesting Reads
Hot Topics and Related SANS Resources
Ransomware
Webcast: Malware & Ransomware Solutions Forum
Blog: Finding a Cure for Ransomware
Blog: Turning Out the Lights on Ransomware
Livestream: Ransomware and Healthcare: A Deadly Combination
- Download Doc's notes from the Ransomware + Healthcare Live Stream here.
Ransomware + Healthcare in the News:
- Woman Dies During A Ransomware Attack on A German Hospital
- UHS Ransomware Attack Costs 67M in Lost Revenue, Recovery Efforts
- Ransomware Attacks on Healthcare Organizations Cost Nearly $21B Last Year, Study Finds
- Ransomware: In the Healthcare Sector
Ransomware and HIPAA Fact Sheet, pdf download
Ransomware Guidance, US HHS Office for Civil Rights, pdf download
Supply Chain/3rd Party Vendors
Webcast: Success Patterns for Supply Chain Security
Webcast: Combatting Cyber Risks in the Supply Chain
Blog: Automated Hunting of Software Update Supply Chain Attacks
Blog: Six Presentations You Don't Want to Miss at Supply Chain Cybersecurity Summit
Webcast: New Year, Same Magecart: The Continuation of Web-based Supply Chain Attacks
Telemedicine
NetWars Healthcare
The SANS Institute is excited to offer a cyber range, exclusively focused on securing healthcare environments.
SANS Cyber Ranges focus on the practical application and assessment of hands-on cybersecurity training. The cyber range enables you and your team to apply skills you’ve learned in a curated and isolated environment, that gives you insight into what you are excelling at, and what you need to focus more on. You walk away with real world experiences on how to handle situations, without the real-world risk associated with practicing on live production equipment and systems.
Participants will build critically important cybersecurity skills in each of these areas vital to defending healthcare environments.
Example topics in NetWars Healthcare include:
- Telemedicine and web app security
- EMR and incident analysis
- Medical device IoT security
- Ransomware analysis and decryption
- Hospital incident investigation with Windows domain event log analysis
Top SANS Courses for Healthcare Organizations
Course Title | GIAC Certification |
---|---|
FOR528: Ransomware for Incident Responders | None |
SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling | GIAC Certified Incident Handler (GCIH) |
GIAC Security Essentials (GSEC) | |
FOR508: Advanced Incident Response, Threat Hunting, & Digital Forensics | GIAC Certified Forensic Analyst (GCFA) |
GIAC Penetration Tester (GPEN) | |
GIAC Strategic Planning, Policy, and Leadership (GSTRT) | |
GIAC Information Security Professional (GISP) | |
GIAC Security Leadership (GSLC) | |
GIAC Certified Forensic Examiner (GCFE) | |
GIAC Web Application Penetration Tester (GWAPT) |