The Desire to Help and Security

As human beings, we are programmed with a desire to help others in need, but this is one of the reasons that hackers are so successful in infiltrating our networks.

This week the Black Hat Conference takes place, followed by DefCon (in its 25th year); both cover the security landscape and feature plenty of insights into cyberattacks and ways of preventing them. The keynote at DefCon this year is focused on “Making Security Work for Everyone” and features Alex Stamos, the chief security officer for Facebook. Last year I was lucky to be in the room during the Social Engineering Capture the Flag (SECTF) competition at DefCon 24, when the winning participant was on stage.

Each year SECTF participants compete to extract information from a list of target companies over the phone simply by using clever subterfuge and social engineering skills. It was an eye-opening experience to witness the ease with which a complete stranger was able to create a trusting relationship with an employee in the target company and obtain a large amount of information (you can read the details of the competition, targeted companies, and the information contestants were asked to gather online here). 

This approach, leveraging social engineering, is not the end game for cyberattacks, but it is increasing in use and even being automated. The use of artificial (or augmented) intelligence (AI) is being explored in many fields, and hacking is no exception. Security companies are using AI to help automate protection, but there is no reason hackers won’t use the same approach to increase the number and sophistication of their attacks.

Security is Everyone’s Responsibility

The intent of the aforementioned competition is to expose risks and educate individuals and employees about them. Investing in education regarding company security fulfills a corporate goal but is a bit like offering health insurance to employees: it gives them value as well. Not only are they better-equipped to protect the corporate assets and information, but they are better positioned to protect their own personal assets and finances.

We don’t hear too much in the news regarding the “Nigerian 419 Scam” – but that’s not because it isn’t impacting people. As this chart shows, the scam resulted in the collection of $12.7 billion in 2013 alone.


We remain under constant attack, with variations of these approaches and other methods like phishing, vishing, and smishing (email-, voice-, and SMS-targeted attacks, respectively). Security needs to be everyone’s responsibility and has to come from the very top of the organization. It’s the same for any family. In my household, I invest a lot of time explaining these attack vectors and sharing stories of individual and corporate failures and losses that came as a result of poor security. I never miss an opportunity to use examples from all around me to illustrate why security matters and what you can do to achieve it.

The same should be true in any corporate environment: security needs to come from the board and CEO down. It can’t be an edict that applies just to employees while senior leadership is either ignoring or even bypassing the recommendations and training. Companies that have clear security guidelines and equip their employees to deal with potential attacks perform better and have lower risks of being breached. 

Incremental Improvements for Employees in Managing Security

The recent WannaCry ransomware outbreak, closely followed by the Petya outbreak that swept around the world and crippled many companies and services, offered a window into future potential challenges and raised awareness regarding security. Here are my suggestions for incremental improvements:

  • Make security a top-down primary focus for your organization.
  • Offer training to your employees on security attacks and mitigation.
  • Train and encourage everyone to question information requests so they can make good decisions.
  • Make learning about security fun and practical.
  • Help everyone understand the value of information in the context of security.
  • Consider developing simple security protocols that are easy to learn and follow.
  • Test your security.

Do you have any other suggestions? What small change have you seen that makes a big difference when it comes to improving security in your organization, and in healthcare in general? What one thing could we do that would have a big impact in this area?

Please don’t hesitate to contact me with suggestions.
