Tech Talk: Vulnerability Management in Healthcare – Your Top Cyber Audit This Year

6/11/2025
When: 1:00 PM
Contact: info@ahia.org
(856) 554-1083


Wednesday, June 4, 2025 
RESCHEDULED: Wednesday, June 11, 2025
1:00 pm - 2:15 pm ET
(Noon - 1:15 pm CT/11:00 am - 12:15pm MT/10:00 am - 11:15 am PT)
 


Speaker
 
Paul Douglas, CISA; CCSFP; CHQP; CDPSE, Partner, EisnerAmper
Paul Douglas is a Partner in the firm's Risk and Compliance Services (RCS) Group, focusing on IT risk advisory, data privacy and security strategies, and IT compliance. He works with a broad base of clients in the healthcare industry including large providers, outpatient facilities, health information exchanges, and third-party business associates. In addition to his depth of experience providing internal audit and cyber risk services within the healthcare sector, he has also served as an interim HIPAA compliance officer and supported breach investigations performed by the Office for Civil Rights under Health and Human Services.
 
Paul guides clients through the complex landscape of security and privacy laws, translating laws, regulations, and requirements into actionable strategic plans. With his strong background in conducting high-value assessments and implementing robust risk management plans, Paul helps organizations to effectively address and mitigate risks. He has experience serving clients subject to a wide variety of standards, including Control Objectives for Information and Related Technologies (COBIT), the NIST Cybersecurity Framework, NIST 800-53 and NIST 800-171 for Controlled Unclassified Information, the HIPAA Security, Privacy, and Breach Notification Rules, the HITRUST Common Security Framework, the California Consumer Privacy Act (CCPA), the European Union's General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS).
 
Through his breadth and depth of experience, Paul leads his team to excel in developing and implementing comprehensive guidelines and best practices that ensure the confidentiality, integrity, and availability of clients' information and data. With a strong focus on delivering tailored solutions, Paul enables organizations to navigate the ever-evolving cybersecurity environment while maintaining regulatory compliance.
 
 
Moderator
 
Mark Stacey, FCA, CIA, CISA, Associate Director, Technology Audit, Protiviti
Mark Stacey is an Associate Director in Protiviti’s Technology Audit practice based in Houston, Texas. He has over 20 years of Technology Audit experience in a range of business sectors, most recently in Healthcare. Mark has led Internal Audit as the acting Chief Audit Executive in a hospital system for close to one year. He also has past operational experience as an IT Program & Project Manager. Mark has led multiple Technology Audit efforts delivering impactful projects including efforts to enhance Information Security governance, the security of medical devices, mobile devices, cloud systems and multiple Data Governance and Data Privacy audits. He recently led a year-long Program Governance & Project Management embedded assurance role for a client’s IT transformation program. He has delivered many integrated Finance-IT audits and performed a lead role in establishing governance for Sarbanes Oxley IT compliance.
 
 
 
Webinar Description:

Vulnerability management is one of the most important functions of an organization's cybersecurity program. When developing an IT audit plan and selecting which cyber risk related topics to address, vulnerability management can provide important insight into the security posture of your organization. The distributed IT environment common within the healthcare industry, together with the diverse collection of endpoints connected to our networks, presents an opportunity for internal audit to assess the effectiveness of vulnerability management practices and help champion adoption of the program.

This session explores the principles and practices of vulnerability management within the healthcare sector. Participants will gain insight into identifying, assessing, prioritizing, and remediating vulnerabilities while aligning with compliance mandates such as HIPAA and HITRUST. The presentation will also examine real-world breaches, tools and frameworks used in healthcare cybersecurity, and strategies for building a proactive vulnerability management program.

 
Learning Objectives:
 
  1. Define the concept of vulnerability management and explain its importance in maintaining cybersecurity and regulatory compliance within healthcare organizations.
  2. Identify common types of vulnerabilities found in healthcare IT environments, including legacy systems and medical devices.
  3. Describe the steps in a risk-based vulnerability management lifecycle, including detection, assessment, prioritization, remediation, and verification.
  4. Discuss audit approaches and techniques for conducting a vulnerability management audit.
 
Cost: 
 
Members - COMPLIMENTARY (You MUST be a current member to take advantage of this benefit.)
 
Program Level: All
Field of Study: Information Technology
Prerequisites: None
Delivery Method: Group Internet Based
CPE Credits: 1.5 CPE credit
 
Please Note: If you wish to receive continuing professional education credits for participating in the discussion, you are required to register and pay the registration fees (if applicable). You will also be required to answer 4 of the 5 questions asked online during the discussion to qualify for CPE credit.
 
 
 
 

Get in Touch

19 Mantua Rd.
Mount Royal, NJ 08061 USA

Email: info@ahia.org
Phone: (856) 554-1083
Fax: (856) 423-3420
