
Tech Tuesday Workshop – Healthcare’s Top Threats in 2021 and What You Can Do About Them

  • Tuesday, January 19, 2021 at 1:00 PM EST (2021-01-19 18:00:00 UTC)
  • Doc Blackburn, Aaron Cure, DJ McArthur




As we begin the new year, let's discuss healthcare's top threats for 2021 and what you can do to help protect yourself and your organization. In this workshop we will demonstrate how to develop and maintain a secure environment for the organization by implementing repeatable processes based on industry best practices.

To address tight budget restrictions, many healthcare organizations promote security and compliance team members from within the organization to cultivate and retain talent internally. These professionals have a wide range of experience and skill sets. This workshop will help students understand the current threat landscape and better prepare their healthcare organization's compliance and security initiatives for modern threats.

Healthcare organizations in the United States face two major challenges: first, to properly secure the organization from tactical risk, and second, to achieve compliance with the array of government regulations known as HIPAA. This workshop will help students develop the skills to make measurable improvements to the overall security posture of their organization's IT infrastructure while also building and maintaining a compliance program. Using the safeguards of the HIPAA Security Rule along with the NIST Framework 800-66 to identify and assess risk, students will learn how to report progress on their compliance activities and their security value in support of the organization's mission.

We will cover the top threats to healthcare security in 2021:

  • Ransomware: We will talk about the ever-changing threatscape of ransomware. We'll cover the current techniques and tactics used by ransomware threat actors and how to protect yourself.
  • Third-Party Vendor Insecurities: The recent exposure of foreign, nation-state level supply chain attacks has renewed concerns about using third-party services and vendors. You will learn the core criteria important in choosing security vendors.
  • Vulnerability Remediation: The size, increasing complexity, and evolving nature of healthcare organizations have increased the importance of having a solid and effective vulnerability remediation program. We will discuss the unique challenges around this critical function as it relates to healthcare entities.
  • Web Application Insecurities: The unique needs of patient care, human subjects research and clinical trials, etc. require specialized web-based applications, many of which have not been developed securely. We will cover the concerns around these insecurities and how to best protect your ePHI in web apps.

Assessing Your Organization's Specific Risks

Healthcare organizations have unique security concerns as well as HIPAA compliance requirements. Workshop participants will be introduced to a brand-new risk assessment tool built specifically for healthcare organizations and their compliance needs. This risk assessment tool provides dashboards and executive reports to help the security team communicate risk concerns to organizational leadership.

System Requirements: A Mac or PC with internet access. Please join the workshop promptly; participants will log in to a cloud-based tool at the beginning.

*Please note that this WILL NOT be recorded. Due to the nature of these workshops, many have a capacity limit and will not be made available for archive. To help us offer this opportunity to as many people as possible, we are asking that you please only register if you plan to attend live.

Speaker Bios

Doc Blackburn

Starting in the year 2000, Doc ran a successful IT consulting, hosting, and design firm for 10 years until he found his passion was in IT security and compliance. His well-rounded IT experience includes hardware, software, network design, project management, administration, programming, systems security, and compliance frameworks. He has vast experience at various levels of information technology from technical support/help desk positions to security leadership roles.

He has been heavily involved in the technical design and implementation of NIH-approved, FISMA-compliant information systems. His current work has focused on HIPAA-, FERPA-, PCI DSS-, GDPR-, and FISMA-compliant systems with an emphasis on IT risk management in enterprise environments. Doc maintains over a dozen IT and security certifications along with a Bachelor's degree from the University of Arizona in 2002. He currently leads the Risk and Compliance efforts for the University of Colorado Denver | Anschutz Medical Campus.

Aaron Cure

Aaron is a senior security consultant at Cypress Data Defense and an instructor and contributing author for the DEV544 Secure Coding in .NET course. After ten years in the U.S. Army as a Russian Linguist and a Satellite Repair Technician, he worked as a database administrator and programmer on the Iridium project, with subsequent positions as a telecommunications consultant, senior programmer, and security consultant. He also has experience developing security tools, performing secure code reviews, vulnerability assessments, and penetration testing, as well as risk assessments, static source code analysis, and security research. Aaron holds the GIAC GSSP-.NET, GWAPT, GMOB, and CISSP certifications and is located in Arvada, CO. Outside the office, Aaron enjoys boating, travel, and playing hockey.

DJ McArthur

DJ McArthur is a SANS instructor and author of SEC474: Building A Healthcare Security & Compliance Program. He’s also a CISO in the healthcare industry and owner of Graymatter Security and Educational Services LLC. He served as a United States Marine, holds multiple security certifications such as CISSP, EnCE, GCIH, CEH, and LPT as well as an MBA in healthcare and information assurance. DJ has served in various technical and leadership roles including security architecture, engineering, and computer forensics.
