A farm boy from Northern Michigan and self-professed computer nerd, Bruce McCully is one of the nation’s leaders in network cybersecurity. Committed to educating professionals about security threats and best practices, Bruce engages crowds with his energetic, passionate, and charmingly nerdy demeanor.
He has become one of the nation’s leading keynote presenters on cybersecurity by constructing an impactful dialogue on security and threats plaguing rural healthcare facilities.
Through hands-on demonstrations, showing how cyber criminals work in the real world, to harrowing stories of cyberattacks in rural hospitals and clinics, Bruce involves and inspires his audiences—from tech wizards to average computer users.
As a frontline defender of business networks, Bruce continually updates his keynotes with the latest examples of the constantly evolving and growing attack landscape targeting your organization. Previous appearances include national and local news, national events and forums.
Bruce is the bestselling author of PLAGUED: The CEOs Ultimate Guide to HIPAA Compliance and Cybersecurity.
With businesses in the cross-hairs of cybercriminals, Bruce has been busy educating and informing audiences of all levels on how to keep their offices and facilities safe from attacks. He presents real-world examples of the difficult disaster recovery efforts once an organization is completely shut down from devastating ransomware attacks. Contact Bruce below to speak at your next event or register for one of his upcoming events!
HIPAA-HITECH was written to keep patient data safe from growing breaches and ransomware attacks. The problem is: most hospitals simply fill out HIPAA checklists, but fail to secure themselves from threats. I focus on two case studies where HIPAA failed and present a paradigm shift towards functional rural health security.
I will focus on two recent case studies as clear examples of how HIPAA compliance has failed rural health clinics and hospitals and present a paradigm shift from standard HIPAA compliance to a deeper focus on comprehensive functional health security.
As medical records remain one of the most valuable commodities on the Dark Web, where cybercriminals buy and sell data, hospitals remain bombarded with cyberattacks. While each individual attack might not be effective, many are able to cause considerable damage on networks and a few are able to completely shut down hospital networks for weeks at a time, leaving medical staff resorting to incomplete paper files and administrative staff unable to bill and adequately update patient files in an acceptable amount of time.
This year alone we’ve recovered dozens of facilities from ransom events, many of which had reached work stoppage ‘all systems down’ states by the time our team started a cyber recovery process. What many hospital IT Directors and Administrators believe is that recovery isn’t that hard. But we’ve been finding across healthcare, but especially in rural hospital network environments, large dependence on vendor relationships consistently cause these hospitals to remain unprotected from ransomware to the extent that hospital networks go down for weeks on end when a ransomware event strikes.
In this talk I will provide three different examples of recent ransomware attacks on hospitals that we have had to mitigate. I will walk you through at a high level all the steps that these hospitals had to take to get working again—including re-forging relationships with critical vendors that had stopped accepting traffic from infected hospitals, including EHR and billing vendors. As we walk through the steps in recovery I will point out where in the average hospital system problems arise and what your hospital should do—to learn from the mistakes of these past events to better prepare for unanticipated events long term.
Cyber security steps you can take to make sure your network is secure, and your data doesn’t end up on the dark web. Bruce will focus on phishing, how to figure out if something is a phish, hoax or the real deal. He will illustrate how users get tricked and how much difference a couple minutes can make in a hacking expedition.
Information security awareness helps to keep sensitive data remain secure. Through user education that goes beyond simple training awareness of current threats and minimize impact of a cyber event or incident to the individual or organization.
Previous attempts at integrating cybersecurity remains insufficient and inconsistent. To quickly react and proactively move to changing needed security standards and practices, healthcare security must go beyond simple policy enforcement.
Our proven concept revolves around a comprehensive experience and story-based training, consisting of both end user training, practice and marketing tools to communicate and create awareness. Most previous attempts at improving cybersecurity programs have been focused on the impact of data loss and addressing the importance of establishing user awareness, yet few programs actually integrate training applied to common user risks, with experiential-based learning. Bottom line: we learn better when we learn from our mistakes.
The significance of this research helps identifies if and how much peer influence promotes learning from current phishing, social engineering scams, and attempts to penetrate hospital networks. This learning approach also adapts to an ever-changing security climate to safeguard users from malicious attacks and promotes behavior change among very diverse staff demographics.
The biggest cybersecurity threat to your hospital isn’t from hackers from China or Russia. It isn’t from scheming cyber spies looking for your client data. The biggest threat to your company is YOU. You aren’t up-to-speed on the latest practices to avoid attacks, your passwords aren’t protected, your networks aren’t monitored and you’re constantly bombarded with phishing attacks and lures to divulge sensitive data. Why attack your? You’re the low hanging fruit. The sitting duck.
Is your hospital prepared for increased hacking and cyber threats? Do you have operating controls in place to protect confidential information? Note: Business Associates (i.e., vendors of healthcare offices) now face the same HIPAA and Privacy Breach Notification Compliance Rules as their healthcare clients. Learn how to stay HIPAA compliant without spending an arm and a leg. Why do hackers hack = it’s lucrative and easy! How do you protect yourself and your clients? Attend “HIPAA, Third-Party Vendor Management, and Cyber Security: Side Effects Include” for the answers.