Dirk Stanley, MD, CMIO at UConn Health, offers advice for Applied Clinical Informaticists and those interested in clinical workflow design. Recommendations include recognizing the interdependence of IT and IS; understanding the difference between good ideas and necessary infrastructure; managing workflow complexity to avoid burnout; justifying the need for an interdisciplinary Applied Clinical Informatics team; caring about design details; knowing the 16 most common Computerized Physician Order Entry (CPOE) order types; not underestimating order set complexity; managing multiple stakeholder interests; learning common CPOE order modes; and, empowering a clinical leader. He stresses the importance of transformers of clinical workflow in facilitating smooth operations.

Seeds and Soil: Recommendations for new Applied Clinical Informaticists, Part 2 | healthsystemcio.com I'm sorry for the inconvenience

Sophisticated attacks sparking concerns for multifactor authentication (MFA) reliant organizations, especially using Okta. Attacks targeting U.S. hospitality industry, notably MGM Resorts, causing substantial losses. MGM yet to disclose attack extent; hacker group ALPHV (alias BlackCat) claimed responsibility, MGM daily losses around $8.4 million, Caesars paid $15 million ransom. Identity attacks increasingly threatening organizations, methods evolve, including strategies against identity and access management (IAM) systems. Even with Okta, security not guaranteed due to persistent account takeovers, privilege escalation threats. MFA, while useful, not impervious to attacks. Recent incidents involved tactics like privileged user account access, anonymizing proxy services, privilege escalation, impersonation via second identity provider, and username manipulation. Tactics underline need for robust identity threat detection and response measures. IAM best practices include least privilege, regular auditing, conditional access policies. No solution guarantees absolute security. ITDR strategies, user education, and best practices are key for organizational protection due to serious financial and reputational risks.

How the Okta Cross-Tenant Impersonation Attacks Succeeded DarkReading

Ransomware attacks often exploit vulnerabilities, with 1/5 of common vulnerabilities used for such attacks, reports CISA. Microsoft product-linked vulnerabilities make up 2/5 of those exploited. Ransomware disrupts worldwide; organizations unaware of threat actors' vulnerabilities on their network. CISA addressing this through Ransomware Vulnerability Warning Pilot, under the 2022 Cyber Incident Reporting Act.

Microsoft tops CISA’s list of exploited CVEs used in ransomware attacks Cybersecurity Dive

Hamas attack on Israel illuminates situational awareness' importance, particularly for healthcare entities using cybersecurity, IT or medical solutions from Israeli providers. If war prolongs, Israel's ability to support infrastructure—security, software, hardware firms—might be impacted. Healthcare supply reliance from the region requires special attention. H-ISAC hasn't faced cyberattacks linked to Middle Eastern situation, though potential exists + phishing attempts seen. Actual HTTP/2 vulnerability alerts shared, hacktivist groups exploiting zero-day weaknesses in ongoing DDoS attacks. Anderson advises optimal intelligence-sharing, preparation for potential threats—DDoS, hacktivism, phishing, other attacks—incident response planning for physical healthcare threats + ignoring misinformation.

Could Middle Eastern Cyberwarfare Spill Into Health Sector? BankInfoSecurity

Dirk Stanley, MD, CMIO at UConn Health, offers advice for Applied Clinical Informaticists and those interested in clinical workflow design. Recommendations include recognizing the interdependence of IT and IS; understanding the difference between good ideas and necessary infrastructure; managing workflow complexity to avoid burnout; justifying the need for an interdisciplinary Applied Clinical Informatics team; caring about design details; knowing the 16 most common Computerized Physician Order Entry (CPOE) order types; not underestimating order set complexity; managing multiple stakeholder interests; learning common CPOE order modes; and, empowering a clinical leader. He stresses the importance of transformers of clinical workflow in facilitating smooth operations.

Seeds and Soil: Recommendations for new Applied Clinical Informaticists, Part 2 | healthsystemcio.com I'm sorry for the inconvenience

Sophisticated attacks sparking concerns for multifactor authentication (MFA) reliant organizations, especially using Okta. Attacks targeting U.S. hospitality industry, notably MGM Resorts, causing substantial losses. MGM yet to disclose attack extent; hacker group ALPHV (alias BlackCat) claimed responsibility, MGM daily losses around $8.4 million, Caesars paid $15 million ransom. Identity attacks increasingly threatening organizations, methods evolve, including strategies against identity and access management (IAM) systems. Even with Okta, security not guaranteed due to persistent account takeovers, privilege escalation threats. MFA, while useful, not impervious to attacks. Recent incidents involved tactics like privileged user account access, anonymizing proxy services, privilege escalation, impersonation via second identity provider, and username manipulation. Tactics underline need for robust identity threat detection and response measures. IAM best practices include least privilege, regular auditing, conditional access policies. No solution guarantees absolute security. ITDR strategies, user education, and best practices are key for organizational protection due to serious financial and reputational risks.

How the Okta Cross-Tenant Impersonation Attacks Succeeded DarkReading

Ransomware attacks often exploit vulnerabilities, with 1/5 of common vulnerabilities used for such attacks, reports CISA. Microsoft product-linked vulnerabilities make up 2/5 of those exploited. Ransomware disrupts worldwide; organizations unaware of threat actors' vulnerabilities on their network. CISA addressing this through Ransomware Vulnerability Warning Pilot, under the 2022 Cyber Incident Reporting Act.

Microsoft tops CISA’s list of exploited CVEs used in ransomware attacks Cybersecurity Dive

Hamas attack on Israel illuminates situational awareness' importance, particularly for healthcare entities using cybersecurity, IT or medical solutions from Israeli providers. If war prolongs, Israel's ability to support infrastructure—security, software, hardware firms—might be impacted. Healthcare supply reliance from the region requires special attention. H-ISAC hasn't faced cyberattacks linked to Middle Eastern situation, though potential exists + phishing attempts seen. Actual HTTP/2 vulnerability alerts shared, hacktivist groups exploiting zero-day weaknesses in ongoing DDoS attacks. Anderson advises optimal intelligence-sharing, preparation for potential threats—DDoS, hacktivism, phishing, other attacks—incident response planning for physical healthcare threats + ignoring misinformation.

Could Middle Eastern Cyberwarfare Spill Into Health Sector? BankInfoSecurity