Big Trends and Hot Topics From H-ISAC 2022

Two weeks ago, I had the opportunity to attend and speak at the H-ISAC fall summit here in Phoenix. As always, this conference is a great opportunity to meet back up with customers and friends from all around the Healthcare sector. This leads to illuminating conversations that really give me a higher definition picture of what is happening in the trenches and helps me better understand how the work we’re doing here at Netskope can help.

One of the key topics that came up in many of my conversations was insider threat. In fact. I actually presented on insider threat at the conference with Stephen Dias getting down and dirty with a presentation that reviewed five key use cases around protecting against insider threats in healthcare. But we weren’t the only ones talking about it. As I talked to other attendees, there were a few different presentations on insider threat, all covering different facets, such as what to do in the first 48 hours after detecting an insider threat, covering the differences between malicious and inadvertent insiders, and how to collaborate with internal business groups around insiders. Earlier in 2022, I even wrote about how the Great Resignation is increasing insider threat in the healthcare sector. If these presentations and conversations at H-ISAC are any indication, insider threat will continue to be a pretty big topic in 2023.

Device security was also a hot topic, specifically from organizations that are device manufacturers. I heard from many device manufacturers that were talking about finding ways to better address device security in the development stages, in the firmware and code, leading to broader conversations about the internet of things (IoT) and what devices healthcare organizations have on their network. Device security and asset management within IoT has long been a challenge in healthcare and is only becoming more prominent as we get into 2023.

Additionally, talk of the economic pressures in the coming year were also a hot topic in the conversations I had. Specifically, many of the practitioners I talked to were focused on how to become more efficient within their security spend. Many in the healthcare sector are still coming out of the cuts that came with the first two years of the COVID-19 pandemic, so instead of major cuts, healthcare security practitioners are instead being told to delay their spend until later in 2023. As a result, many are looking for ways they can get more out of what they currently have, without introducing more risk in the process.

As a result of this re-evaluation, I also had a couple of conversations with customers that talked about finding ways to better collaborate with and learn from other healthcare security peers. Many are looking at breaches happening elsewhere in the healthcare sector and deconstructing them to better understand what went wrong and how their organizations can avoid similar situations. This often happens in conversations between healthcare security leaders, allowing them to learn from each other’s mistakes while also building a strong healthcare-focused security community.
As always, the conversations and presentations at H-ISAC are energizing and help to set the tone as we look at the new year to come and I am already looking forward to connecting with everyone again when the Spring Summit rolls around in 2023. In the meantime though, if you’d like to continue the conversation, feel free to connect with me over on LinkedIn.