Here are six minutes of the best moments from “Hacking Healthcare Security: An hour of critical thinking on reducing risk across the health industry’s unique threat vectors”.

To see the entire replay, go here.

Joining me in the chat were Jon Ehret, VP of strategy & risk, RiskRecon, and Errol Weiss (@errolw65), CSO, Health-ISAC.


HUGE thanks to our sponsor, RiskRecon

Get a toolkit for assessing AWS security configurations! This new playbook and the accompanying questionnaire were built to help you achieve better risk outcomes by providing you with the knowledge and tools to objectively assess the security quality of any Amazon Web Services deployment.

Winner of “Best Bad Idea”

An impressive 30 bad ideas for this week’s video chat. Here are some of the honorable mentions:

“When a healthcare facility loses your data, they get to scramble your biological material and send you a new identity.” – Chris Roberts, hacker-in-residence, Semperis

“Make all employees pay a copay to reset their passwords.” – Trey Turbett, enterprise sales development representative, CloudPassage

“Give all patients the CISO’s phone number so they can call anytime they have concerns about their PHI.” – Michelle Valdez, CISO, OneMain Financial

Best quotes from the chat room

“I think another unappreciated factor about pharma IP is that the pharma companies are frequently in competition and cooperation at the same time. So you have to set up IP-sharing mechanisms with your competitors… only defense (in my experience) has that same challenge.” – Paul Lanzi, COO, Remediant

“Just because someone has a title doesn’t mean they are competent in that role.” – Scott McCormick, CISO, Reciprocity

“The issue with HiTrust, SOC2, etc. is that not all vendors accept them, so turns into never-ending custom assessments to provide services.” – Jared Couillard, director, IT and security, Cohere Health

“If they treat frameworks like a checkbox, they don’t have a security culture.” – Chris Foulon, senior security consultant, GRIMM