I know it's easy to hop on the bandwagon of shaming #infosec in Healthcare given the ransomware news over the last two days. But please before you decide to blast your theory on how healthcare is lazy, uncommitted, etc. to security, take a few moments to consider their risk 1/
models and the unprecedented level of complexity they have to deal with in terms of technology and threats. We know the challenges of ICS systems that are built once and typically can't be easily upgraded as vulnerabilities are discovered. This is 10x worse when it comes to 2/
medical devices. Now add in the complexities of EMR systems which are managing vast amounts of disparate forms of data. Far more complex than even what we see in financial services. But the complexity doesn't end there. Consider the crazy networking infrastructures needed to 3/
bring all those technologies together into a seamless, largely mobile, zero down time, environment. It's crazy.

And then of course we ask this of organizations for whom security is not a core competency. Whose focus is on saving lives. And as a result for whom the resultant 4/
threat model features far more critical assets and more dire protection needs than any other industry.

Finally we throw all of this on the shoulders of organizations that are often struggling financially to keep pace with dynamic resources, technologies and trends that are 5/
the lifeline (no pun intended) of their ability to continue doing business. As such budgets become a very delicate balancing act and the core business of saving lives remains the paramount priority.

Yes, we've been saying for more than a decade that defending healthcare IT 6/
would become a life and death matter. However, perhaps it's on us for not demonstrating the actual business value and necessity in a way that resonated with leaders. So look within, how could we have done better as a community? It's time we #DoBetterBeBetter /FIN

Keep Current with 👑 Alyssa Miller 🦄🛩️
