In 2016, more than a dozen hospitals and healthcare organizations were targeted by ransomware attacks that temporarily blocked crucial access to patient records and hospital systems until administrators agreed to make ransom payments to the perpetrators. Emerging online threats such as ransomware are forcing hospitals and healthcare providers to revisit and re-evaluate the existing patient data protection standards, codified in the Health Insurance Portability and Accountability Act, that have dictated most healthcare security measures for more than two decades. This talk will look at how hospitals are grappling with these new security threats, as well as the ways that the focus on HIPAA compliance has, at times, made it challenging for these institutions to adapt to an emerging threat landscape.
Josephine Wolff is an assistant professor in the Public Policy department at RIT and a member of the extended faculty of the Computing Security department. She is a faculty associate at the Harvard Berkman Center for Internet & Society and a fellow at the New America Cybersecurity Initiative.
Wolff recieved her PhD. in Engineering Systems Division and M.S. in Technology and Policy from the Massachusetts Institute of Technology, as well as her A.B. in Mathematics from Princeton University.
Her research interests include cybersecurity law and policy, defense-in-depth, security incident reporting models, economics of information security, and insurance and liability protection for computer security incidents. She researches cybersecurity policy with an emphasis on the social and political dimensions of defending against security incidents, looking at the intersection of technology, policy, and law for defending computer systems and the ways that technical and non-technical computer security mechanisms can be effectively combined, as well as the ways in which they may backfire. Currently, she is working on a project about a series of cybersecurity incidents over the course of the past decade, tracing their economic and legal aftermath and their impact on the current state of technical, social, and political lines of defense. She writes regularly about cybersecurity for Slate, and her writing has also appeared in The Atlantic, Scientific American, The New Republic, Newsweek, and The New York Times Opinionator blog.