Software Security

Archive for the 'Healthcare Security' Category

 

Responsible disclosure on a timetable

In response to its haphazard patch release cycle in the late 1990s, Microsoft launched an every second-Tuesday-of-the-month “Patch Tuesday” program in 2004. Last week, on February 14 to be exact, Microsoft abruptly canceled its current monthly set of patches and said that its slate of new patches would return on March 14. The problem is […]

Posted in Ethical Hacking, Healthcare Security, Vulnerability Assessment

 

Shining a light onto cybersecurity at the 2017 HIMSS Conference

Next month, over 40,000 health IT professionals, clinicians, executives, and vendors will converge from around the globe to attend the 2017 HIMSS Annual Conference and Exhibition. The event will take place from February 19-23 in Orlando, Florida. We’re looking forward to those five days of exceptional education, cutting-edge health IT product discussions, and powerful networking opportunities. […]

Posted in Healthcare Security, Security Conference or Event

 

What to look forward to at the 2017 Medical Device Security 101 Conference

This year’s Medical Device Security 101 Conference is just days away. We’re looking forward to meeting attendees January 15-17 in sunny Lake Buena Vista, Florida. Identify, prevent, recover. We’d like to thank the University of Michigan’s Archimedes Center for Medical Device Security for hosting the two-day educational workshop. This synergistic environment explores how to identify, […]

Posted in Healthcare Security, Medical Device Security, Security Conference or Event

 

St. Jude plans cyber security medical advisory board

On Monday, St. Jude Medical said that it planned to set up its own medical advisory board focused on cyber-security issues affecting patient care and safety. According to the Reuters news service, the U.S. Food and Drug Administration has started an investigation into the company’s medical devices after a report in August from short-seller Muddy […]

Posted in Healthcare Security, Medical Device Security

 

Researchers question Muddy Water’s security report on St. Jude Medical

New research suggests that parts of a report from a capital investment firm alleging vulnerabilities in St Jude Medical devices were inaccurate. Last week, Muddy Waters Capital founder Carson Brock said in a statement, “We find STJ Cardiac Devices’ vulnerabilities orders of magnitude more worrying than the medical device hacks that have been publicly discussed […]

Posted in Healthcare Security, Medical Device Security

 

Hacking medical devices: 5 ways to inoculate yourself from attacks

A terrorist hacks into the US Vice President’s pacemaker to murder him. It happened on the Showtime series Homeland, but could it happen in real life? Most security experts agree that such a scenario is highly unlikely or even downright impossible. However, that doesn’t mean you should ignore the real security risks that medical devices […]

Posted in Cloud Security, Healthcare Security, Internet of Things, Medical Device Security

 

Synopsys finds 460 software vulnerabilities in hospital information system

On Thursday, researchers Mike Ahmadi of Synopsys and Billy Rios of Whitescope disclosed 460 vulnerabilities in Philips Xper Connect, an optional bidirectional hospital information system (HIS) interface. They said 272 of these vulnerabilities are present in 5 software packages in the Xper-IM Connect system software. 188 of the vulnerabilities are associated with Windows XP […]

Posted in Healthcare Security, Medical Device Security

 

iPhone loss prompts HIPAA violation

The Office for Civil Rights, which oversees and enforces HIPAA, has fined the Catholic Health Care Services (CHCS) of the Archdiocese of Philadelphia $650,000 over the theft of an iPhone containing patient information. The data lost concerned the protected health information of 412 nursing home residents. OCR found that CHCS lacked the required risk analysis […]

Posted in Healthcare Security, Medical Device Security

 

Software security in healthcare: What we’ve learned

Patient care is of the utmost importance within the healthcare industry. In fact, healthcare is one of the few industries responsible for protecting both the personal health and payment information of their patients—not to mention the intellectual property of internal operations. Securing such a variety of sensitive data requires a well-rounded strategy involving planning, technical expertise, and […]

Posted in Healthcare Security, Maturity Model (BSIMM), Software Security Testing

 

New hospital ransomware targets JBoss flaws

Ransomware is malicious software that encrypts data until a ransom is paid. Recently there has been a spate of attacks against healthcare organizations. On Monday, Washington-based Medstar Health had to shut down operations because of ransomware. One variation of ransomware, Samsam, stands out because it skips the user and focuses directly on the network under […]

Posted in Healthcare Security, Medical Device Security