A doctor works on a computer. Mitchell Parker, CISO at Indiana University Health, has advised small and medium health care providers to outsource EMR hosting to a third party. (Universal Images Group via Getty Images)

Strapped for cybersecurity resources, small and medium-size health care providers should outsource electronic medical record (EMR) maintenance, Payment Card Industry (PCI) compliance and threat intelligence gathering to third-party service providers, but risk assessment must still be handled internally, according to Mitchell Parker, CISO at Indiana University Health.

Lamenting the recent scourge of ransomware and data breach attacks against health care organizations, along with what he believes is lack of specific cybersecurity guidance and an overabundance of “snake oil” infosec companies that provide expensive risk assessments “while not delivering anything of value,” Parker presented a series of recommendations for smaller medical providers in a presentation at the 2020 virtual Black Hat conference.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.