Today’s healthcare organizations have tens of thousands of connected devices. And those devices might have come from any one of hundreds of manufacturers. The devices also do different things, of varying importance to someone’s health and well-being.

It’s that kind of complexity that stifles organizations and slows the programs and processes that keep medical devices safe from cyberattacks.

When it comes to cyberattacks, healthcare organizations face high stakes. They have valuable and sensitive patient information. Lives depend on the reliability of their connected devices. Increasingly, cybercriminals are targeting the healthcare sector with their latest attacks.

In this episode of Finite State’s podcast, “IoT: The Internet of Threats,” Health-ISAC’s Errol Weiss (Chief Security Officer) and Phil Englert (Director of Medical Device Security) join podcast host Eric Greenwald, Head of Cybersecurity Policy, and General Counsel at Finite State, to explore the rising stakes of medical device cybersecurity, the growing role of government in regulating cybersecurity controls in healthcare, and how Health-ISAC fits into the picture.

During this 22-minute episode, Errol, Phil, and Eric examine:

  • What is an ISAC?
  • What does the Health-ISAC do? 
  • The government’s increased appetite for cybersecurity regulation (with a focus on medical device security) 
  • How to protect against attacks with tens of thousands of different medical devices made by a wide array of different manufacturers and that do different things
  • The importance of having visibility into the components that make up those thousands of medical devices
  • Whether the SBOM (Software Bill of Materials) is ready to be a key control in the healthcare cybersecurity ecosystem

Episode Details

Prior to his role as Chief Security Officer of Health-ISAC, Errol served in several SVP-level positions at Bank of America, focusing on cybercrime, fraud prevention, business process cyber assessments, and threat analytics and information sharing. Earlier in his career, he held key positions at Citigroup and SAIC. Errol also served on the Board of the Financial Services ISAC during the 2010s. 

Before joining Health-ISAC as Director of Medical Device Security, Phil served as Chief Product Officer at MedSec and was responsible for product management, new business development, and process improvement. Prior to MedSec, Phil served in a variety of roles at Deloitte, Novasano, MDISS (Medical Device Innovation Security and Safety), and Catholic Health Initiatives. 

Health-ISAC (also referred to as H-ISAC) is a global, non-profit organization that offers healthcare security stakeholders actionable data in a trusted community. 

Episode Links

All episodes of Finite State’s “The Internet of Threats” podcast can be heard on Spotify, Apple Podcasts, and Google Podcasts.

Listen to this episode in its entirety below!