In today's episode of the Two Minute Drill, Drex dives into three important cybersecurity updates: a new Senate bill aimed at setting minimum security standards for healthcare organizations, CrowdStrike’s response to a software update incident, and NIST's proposed changes to outdated password practices. Stay informed on the latest efforts to safeguard healthcare data and improve cybersecurity across the industry.
Remember, Stay a Little Paranoid
Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Hey everyone, I'm Drex and this is the Two Minute Drill, where I do three quick stories twice a week, all part of one great community, the 229 Cyber and Risk Community here at This Week Health. Today's drill is brought to you by Fortified Health Security. No matter where you're at in your security journey, Fortified can help you improve your security posture through their 24/7 threat defense services or advisory solutions.
Delivered through Central Command, a first-of-its-kind platform that simplifies cybersecurity management and provides the visibility you need to mature your program. Learn more at FortifiedHealthSecurity.com. Thanks for joining me today. Here's some stuff you might want to know about. The Senate Finance Committee has introduced a bill intended to improve cybersecurity in America's healthcare system.
The Health Infrastructure Security and Accountability Act would require HHS to develop and enforce a set of minimum security standards for providers, health plans, clearinghouses, and business associates. The bill would also remove the cap for fines under HIPAA and would provide some funding for hospitals to improve their security posture, particularly small and rural hospitals.
There's a link to the bill, a one-page summary, and a section-by-section summary on the news site. CrowdStrike Senior Vice President Adam Meyers testified to Congress this week answering questions on the July 19th election, which was tied to a CrowdStrike software update. Meyers assured lawmakers that there has been significant review and improvement of the methodology used for testing updates, and with the additional safeguards, the problem that led to the July 19th event won't happen again.
Interestingly, while I think we all expected a wave of lawsuits because of this, those apparently have not materialized, even though there were a lot of threats in the weeks following the incident. And the last story of the day, NIST, the National Institute of Standards and Technology, has proposed barring some of the password requirements that most of us have come to take as standard practice.
Things like mandatory regular password resets and mandatory use of certain characters and numbers in a password. It's all in the second public draft of its digital identity guidelines. You can find the draft on the NIST website and there's actually a much easier to read story about this in Ars Technica. You can find that link at thisweekhealth.com/news.
Thanks again to our Two Minute Drill sponsor, healthcare's cyber partner, Fortified Health Security. With a 98 percent client retention rate and three consecutive best-in-class awards, Fortified's exclusive focus on healthcare cybersecurity makes them the go-to partner for healthcare organizations wanting to strengthen their cybersecurity posture.
Find out more at fortifiedhealthsecurity.com. That's it for today's Two Minute Drill. Thanks for being here. Stay a little paranoid. I'll see you around campus.