Healthcare Cybersecurity Insights
Practical perspectives on threat intelligence, risk management, and security strategy for healthcare leaders.
Dental Practices Are Under Attack. The Breach Usually Starts Somewhere Else.
In 2026, dental patients are being exposed by the millions. The pattern behind the biggest incidents is not a hacked front desk. It is a hacked vendor, DSO, or benefits administrator. Here is what dental practices should do about it.
Read More →The HIPAA Security Rule Overhaul Just Slipped to 2027. Do Not Slow Down.
The federal government pushed the final HIPAA Security Rule from May 2026 to July 2027. Here is what actually changed, what did not, and why the extra time is runway rather than a reprieve.
Read More →1 in 4 Hospitals Had a Medical Device Cyberattack This Year. The Inside Numbers Are Worse.
RunSafe Security's 2026 Medical Device Cybersecurity Index surveyed 551 healthcare professionals. One in four organizations had a cyberattack targeting medical devices in the past year. Eighty percent caused patient harm. Forty-four percent are knowingly running unpatched clinical hardware. The procurement side is improving. The installed base is not.
Read More →Three Medtech Giants. Six Weeks. What Healthcare Leaders Need to Know.
Stryker, Intuitive Surgical, and Medtronic all disclosed cyber incidents within roughly six weeks. The targeting pattern is no coincidence — adversaries are moving upstream from hospitals to the small group of suppliers that build the implants, robots, and infusion platforms healthcare runs on.
Read More →When AI Prescribes Methamphetamine: What the Doctronic Findings Mean for Healthcare AI Governance
Security researchers manipulated an AI prescription platform into tripling an opioid dose and labeling methamphetamine as safe. The findings, the regulatory split between New York and California, and the demand from one in three Americans using AI for health advice all converge into a clinical AI governance problem healthcare leaders cannot defer.
Read More →What the Stryker Breach Teaches Healthcare About Third-Party Risk
An Iran-linked group wiped 200,000 devices across 79 countries by compromising a single Microsoft Intune admin account. For every healthcare organization that depends on Stryker, this is what third-party risk actually looks like.
Read More →Why Healthcare Organizations Still Resist MFA — And Why That Is About to Change
Multi-factor authentication is the single most effective control against credential-based attacks. Healthcare knows this. So why is adoption still so uneven — and what does the proposed HIPAA mandate mean for organizations that have been deferring?
Read More →The Proposed HIPAA Security Rule Changes: What Healthcare Leaders Need to Know
The biggest update to the HIPAA Security Rule in over a decade is on the horizon. Here is what is changing, what it will cost, when it takes effect, and what you should be doing now.
Read More →The First 24 Hours After a Ransomware Attack
The decisions you make in the first 24 hours after a ransomware attack determine whether the incident is a crisis or a catastrophe. Here is the hour-by-hour reality of what happens — and what most healthcare organizations are not prepared for.
Read More →