After the SingHealth cyber attack, it took a week for attackers to steal the personal data of 1.5 million people—about a quarter of the city-state’s population.
The cyber security of connected medical devices, notoriously poor for decades, could finally start to improve.
FUD—fear, uncertainty, and doubt—is usually met with relentless mockery in the cyber security world, since it’s sometimes used to try to frighten people into buying a product.
Software security and healthcare industry professionals operate at opposite ends of the spectrum. Security aims to maintain a secret. Healthcare aims to discover one. The lack of chemistry between security and healthcare mindsets Doctors operate under the theory that a medical professional should be able to swiftly access the information they’re seeking. Security experts insist upon verifying the actions of those performing sensitive tasks. While these mindsets are opposite, opposites often attract.
Posted in Healthcare Security | Comments Off on How can the healthcare industry protect itself from cyber threats?
Early last year, in response to the Cybersecurity Act of 2015, the US Department of Health and Human Services (HHS) established The Health Care Industry Cybersecurity Task Force. This month the task force published its recommendations to improve healthcare cybersecurity.
Originally posted on SecurityWeek.
Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about a new report from Synopsys and the Ponemon Institute on medical device security.
In 2015, healthcare became the most attacked industry, replacing financial services. Since 2010, there have been at least eight healthcare industry breaches publically reported in the media. The 2016 Cyber Security Intelligence Index states that five of the eight breaches took place during the first half of 2015. During that period, over 100 million medical records were reportedly compromised. Misalignment between HIPAA and software security The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996. However, the compliance date of HIPAA’s Privacy Rule and Security Rule didn’t take effect until 2003. These rules were created as a way to implement and enforce industry-wide security safeguards on protected health information (PHI).
In response to its haphazard patch release cycle in the late 1990s, Microsoft launched an every second-Tuesday-of-the-month “Patch Tuesday” program in 2004. Last week, on February 14 to be exact, Microsoft abruptly canceled its current monthly set of patches and said that its slate of new patches would return on March 14. The problem is the day before was the end of a 90-day window that Google had established as part of its disclosure policy and so the security researchers at Google Project Zero went ahead and released details of the still open vulnerability.
Next month, over 40,000 health IT professionals, clinicians, executives, and vendors will converge from around the globe to attend the 2017 HIMSS Annual Conference and Exhibition. The event will take place from February 19-23 in Orlando, Florida. We’re looking forward to those five days of exceptional education, cutting-edge health IT product discussions, and powerful networking opportunities.