Healthcare Information Security

Healthcare Information Security Interviews

FDA Scoring Tool Update Adds Vulnerability Risk to Patient Safety

by Jessica Davis

The FDA recently unveiled a new scoring system for assessing medical device vulnerabilities, an update from its previous system that was initially designed for commercial devices and didn’t account for patient saf...

Ransomware Wave Hits Healthcare, as 3 Providers Report EHR Downtime

by Jessica Davis

The FBI is investigating an ongoing wave of cyberattacks, including Ryuk ransomware, trouncing US hospitals, health systems, and other providers. At least three systems have already been driven into EHR downti... Ryuk ransomware has pummeled the healthcare sector, predominantly targeting larger organizations or distributed networks of entities through their IT MSPs or hosting internet service providers.  The human-operated ranso...

Medical Device Security Stymied by Legacy Tech, Flawed Segmentation

by Jessica Davis

Healthcare delivery organizations are increasingly deploying medical devices, IoT, and other medical platforms to improve connectivity and support patient care. But failed network segmentation, legacy devices, and other network failures... However, a deeper dive into the data revealed the majority of providers continue to struggle to appropriately apply surface view segmentations. There are also a concerning number of organizations that mixed persona... Vulnerable Device Communication: For dos Santos, the real challenge is the communication between devices within and across segments, leveraging older versions of protocols, applied cryptographic measures, or the use of clear text, on wh... Researchers were able to conduct a host of nefarious activities, including passively intercepting test results sent in clear text by operators, by observing network traffic and examining the POCT01 packets, while actively intercepting...

Ensuring Transparency: Language to Avoid in HIPAA Breach Notifications

by Jessica Davis

HIPAA-required breach notifications in the wake of a security incident continue to be an Achilles’ heel for the healthcare sector. Many notices appear laden with flowery language that makes light of an incident... Erik B. Weinick, privacy and cyber litigation attorney for Otterbourg PC, explained providers should also be mindful that HIPAA is not the only regulation that should govern their response to a security i... The provider also explained the details they did know at the time: Social Security numbers, administration information, full names, and case information were accessed during the attack. In June, Oregon DHS provided an update: the...

Ransomware Spurs EHR Downtime at UHS Health System, 3 More Providers

by Jessica Davis

Universal Health Services is currently recovering from a ransomware attack across its 400 locations, with facilities leveraging back-up processes and paper documentation to continue safe and effective patient c...

Ransomware Hacking Groups Post Data from 5 Healthcare Entities

by Jessica Davis

The hacking groups behind Pysa, or Mespinoza, SunCrypt, REvil, and NetWalker ransomware variants posted data allegedly stolen from five separate healthcare entities on the dark web for sale,...

Healthcare’s Password Problem and The Need for Management, Vaults

by Jessica Davis

Digital Shadows recently reported that at least 15 billion compromised credentials and passwords are for sale on the dark web. The data should serve as a warning to healthcare entities on the need for enha...

Key Needs for a Resilient Healthcare Information Security Program

by Jessica Davis

The Office of Civil Rights recently shared ways an IT asset inventory can create a more effective risk analysis to close information security gaps and support HIPAA compliance. Given the sophistication of the current threat l... In addition, employees will be crucial to improving an organization’s cybersecurity posture. Unfortunately, the security department in most organizations functions with minimal employees, Mookencherry explained. There... As noted previously by security researchers, the HHS telehealth expansion brought its own risks to both protecting massive amounts of patient data and ensuring the security of the connection between the provider and patient, she explai...

The Risk of Nation-State Hackers, Government-Controlled Health Data

by Jessica Davis

The COVID-19 pandemic has driven a rise in targeted, sophisticated cyberattacks designed to take advantage of an increasingly connected environment. In healthcare, it’s led to a rise in nation-state attacks, in an effort to... While system vulnerabilities should be remediated and monitored given the heightened traffic, phishing campaigns continue to be the leading infection vector, Pace explained. “These organizations are especially susceptible to tar... It’s clear that data sharing is crucial during a pandemic. However, it “represents a social contract of trust.” “But without transparency then suddenly personal demographic data, let a... “When there’s a sudden shift in the agency controlling said data then it certainly raises questions about why this has happened,” said Abed. “Is there a deficiency with the previous data controller? Or is there somet...

COVID-19 Cybersecurity: Building Resilience Beyond the Crisis

by Jessica Davis

A recent Forescout report showed more than a third of workstations in healthcare operate on unsupported versions of Windows, among a host of other vulnerabilities found in everyday medical devices. The COVID-19... For Langer, healthcare is focusing on two key vectors: the adoption of new technology and the IoT connectivity surge, as well as optimizing spending. Notably, the adoption of new technology can lead to better cost savings and... And without those insights, organizations won’t be able to correlate the devices with the right vulnerabilities within the threat landscape. Thus, organizations won’t be able to create actionable insights... The Need for Collaboration: Information sharing is crucial to shoring up the healthcare threat landscape, including participation in forums and groups. Langer explained that the reality is there are a range of sizes and types of healthcare o...

The Key to Improving Medical Device Security is Collaboration, Visibility

by Jessica Davis

The recently reported Ripple20 vulnerabilities found in more than 52,000 medical device models that could allow for remote code execution, highlight the need for greater collaboration between healthcare deliver... “What the FDA is going with standards and guidance is really cutting edge. And there will be additional guidance going forward that will empower manufacturers to build in security at the beginning,” she added...

Impact of Ripple20 Vulnerabilities on Healthcare IoT, Connected Devices

by Jessica Davis

Healthcare is the sector most impacted by a group of 19 critical vulnerabilities known as Ripple20, found in the TCP/IP communication stack of hundreds of millions of IoT and connected devices. The impact of which is currentl...

Cloud Mitigation for Ransomware, as COVID-19 Spurs Cyberattacks

by Jessica Davis

A host of cyberattack trends on the health sector emerged in the wake of the COVID-19 pandemic, as hackers sought to take advantage of the crisis with ransomware and misinformation campaigns, according to a 4iQ report. Mitigation techniques...

Breach of Telehealth App Babylon Health Raises Privacy Concerns

by Jessica Davis

UK-based telehealth app Babylon Health recently experienced a breach of its general practitioner platform, where users were able to access videos from other patients’ appointments, first reported by the BBC. On June 9, a patient annou...

COVID-19 Security: Reducing Risk of Temporary Hospitals, Remote Care

by Jessica Davis

The COVID-19 pandemic has fueled the pace of change in the healthcare sector, from telehealth expansion to the rapid deployment of temporary hospitals. But the increase in telework, mobile tech, remote care, and temporary hospitals has also... Most organizations are dealing with an increasing number of new apps being hosted in the cloud or in the public cloud space, said Foster. The number of mobile devices has also increased over the last five years. Notable in healthcare, where... “Hospital security teams need to implement basic security procedures to protect critical equipment such as connected medical devices,” Olcott said. “Security teams can leverage remote office risk discovery tools to easily ...

External Threats Outpace Insider-Related Breaches in Healthcare

by Jessica Davis

The number of confirmed data breaches in the healthcare sector substantially increased last year, as external threats exceeded the number of insider-related incidents for one of the first times, according to the latest Verizon Data Breach I...

COVID-19 Contact Tracing Apps Spotlight Privacy, Security Rights

by Jessica Davis

Contact tracing app initiatives have emerged in the wake of the COVID-19 pandemic, as a modern enhancement to traditional methods for tracking the spread of the virus, finding new infections, and supporting the reopening of the economy. Sev... However, it is crucial people have an understanding of what they’re giving up in exchange for participation and its benefits. For Valdetero, those risks are tied to apps that allow you to identify particular users through the app... Right now, Congress is considering competing legislation designed to shore up some of these issues and ensure collection ends after the pandemic, but Federman mused: “How do we know that it’s actually going to happen?” ... Those surveillance concerns have stemmed from instances in the UK and India, where Coleman said its citizens have experienced unprecedented watchdog scrutiny. While the US has broader freedoms, without a federal privacy law, “transpar... And with the widespread adoption of Bluetooth-based contact tracing apps, the number of Bluetooth-activated devices would also increase – as would the risk surrounding existing Bluetooth vulnerabilities, explained Smith. There are wel...

Ransomware Success Declines Amid COVID-19, But Resurgence is Likely

by Jessica Davis

Successful ransomware attacks on the US healthcare sector are in decline with just 25 providers impacted during the first quarter of 2020, compared to a total of 764 events, or an average of 191 per quarter, in 2019, according to the latest...

Critical VPN Security for Telehealth, Remote Access Amid COVID-19

by Jessica Davis

The week COVID-19 was declared a national emergency, several media outlets reported some hacking groups vowed to stop targeting the healthcare sector during the pandemic. At the same time, the majority of businesses shifted employees into m...

Must-Have Telehealth, Remote Work Privacy and Security for COVID-19

by Jessica Davis

The COVID-19 pandemic has rapidly expanded the use of telehealth, telemedicine, remote work, and bring-your-own-device, both on-site and remote in the healthcare sector. But while some outlets have reported hackers have vowed not to target ... Identity Authentication: From an institution standpoint, the use of continuous identity authentication will be critical during the crisis. Gordon explained this can be accomplished in several ways, but the most common is multi-factor au... The tool allows organizations to not only authenticate the user, but also the device they’re using and its security posture. Organizations need to craft the minimum security requirements for the device and communication methods, which will al... For Gordon, several VPN platforms can provide both MFA and endpoint compliance, while ensuring protected connectivity “where you’re encrypting communication session between the device and the data between the practitioner’...
