Archive for the ‘hipaa’ Category

75% of medical infusion pumps affected by known vulnerabilities

Researchers analyzed more than 200,000 network-connected medical infusion pumps and discovered that over 100,000 of them are vulnerable. Researchers from Palo Alto Networks have analyzed more than 200,000 medical infusion pumps on the networks of hospitals and other healthcare organizations and discovered that 75% are affected by known vulnerabilities that could be exploited by attackers. […]

Leave a Comment

How to keep your medical device IP safe from cyber attacks

Guarding intellectual property (IP) has always been a priority for medical device manufacturers as competitors and even nation states are constantly trying to compromise or steal IP. For example, in January 2019, a Chinese national who stole secrets while working for medical device companies including Medtronic and Edwards, was sentenced to over two years in […]

Leave a Comment

Help Net Security: Healthcare Cybersecurity Report has been released

Help Net Security newest report takes a closer look at one of the most targeted industries today – healthcare. As exhausted healthcare professionals struggle with an extraordinary situation, their IT departments face critical skills and staffing shortages. Routine security measures may fall by the wayside, breaches may go undetected for weeks, and efforts to validate […]

Leave a Comment

ENISA – The need for Incident Response Capabilities in the health sector

The European Union Agency for Cybersecurity (ENISA) published an analysis of the current state of development of sectoral CSIRT capabilities in the health sector since the implementation of the NIS Directive. An attack against a hospital can lead to physical damages and put the lives of patients at risk. The Agency remarks the need to […]

Leave a Comment

Healthcare – Patient or Perpetrator? – The Cybercriminals Within

With copious amounts of data collected by healthcare facilities, cybercriminals often target such entities. Moreover, the healthcare industry collects unique data, known as Protected Health Information (PHI), which is extremely valuable. Our PHI is engrained within us; medical history cannot get changed. As such, this information can sell for three times as much as Personally […]

Leave a Comment

Baby died at Alabama Springhill Medical Center due to cyber attack

A baby allegedly received inadequate childbirth health care, and later died, at an Alabama Springhill Medical Center due to a ransomware attack. An Alabama woman named Teiranni Kidd has filed suit after the death of her baby, she claims that the Springhill Medical Center was not able to respond to a cyberattack that crippled its […]

Leave a Comment

List of mandatory documents required by ISO 45001

By Luke Irwin ISO 45001 is the international standard that contains best practices for OH&S (occupational health and safety). Its goal is to reduce injuries and diseases in the workplace, including the promotion and protection of physical and mental health. It’s an issue that’s more important than ever. In addition to the 2.78 million deaths and […]

Leave a Comment

Cybersecurity, emerging technology and systemic risk: What it means for the medical device industry?

The WEF singled out five global cybersecurity challenges: 1. Increasing sophistication of cyberattacks and cyber adversaries2. Widening cybersecurity skills gap3. Lack of intelligence and operational information sharing4. Keeping up with regulatory changes and uncertainty5. Underinvestment and lack of business buy-in Below, expert insights into these five challenges, as well as paths forward for the medical […]

Leave a Comment

Hospital Operator Takes Network Offline After Major Cyberattack

A Californian hospital operator has made the move to take is network offline after it was hit by a major cyberattack.  Reports state that the Scripps Health computer network that operates across half a dozen hospitals and a number of outpatient facilities in the San Diego, California area was forced to move to offline procedures […]

Leave a Comment

Connected medical devices brought security loopholes mainstream

Connected medical devices are proving essential amidst today’s new normal, but their mainstream adoption has also brought security loopholes to the fore. Fragmented systems have given rise to information silos and unencrypted devices, with hackers increasingly targeting health organizations and hospitals as a result. It is worth considering what cybersecurity leaders can do as data […]

Leave a Comment

The M.D. Anderson Case and the Future of HIPAA Enforcement

The U.S. Court of Appeals for the 5th Circuit just issued a blistering attack on HIPAA enforcement by the U.S. Department of Health and Human Services (HHS). In University of Texas M.D. Anderson Cancer v. Department of Health and Human Services (No. 19-60226, Jan. 14, 2001), the 5th Circuit struck down a fine and enforcement action by HHS as […]

Comments (1)

Exploiting Medical Information Systems

Leave a Comment

Health Insurer Fined $5.1M For 17-Month-Long Data Breach

An American health insurer has been fined $5.1M for a potential HIPAA violation after a data breach saw more than 9.3 million customers impacted and their personal health information potentially accessed.  The health insurer was fined after news of a 17-month data breach came to light, which forced the Excellus Health Plan, Inc. to pay […]

Leave a Comment

Critical Bug in Infusion System Allows Changing Drug Dose in Medical Pumps

Researchers discovered two vulnerabilities in Alaris Gateway Workstations that are used to deliver fluid medication. One of them is critical and an attacker could leverage it to take full control of the medical devices connecting to it. Source: Critical Bug in Infusion System Allows Changing Drug Dose in Medical Pumps Healthcare privacy and security Enter […]

Leave a Comment

Cyberattacks against hospitals increased over 1000% last year

Cyberattacks against hospitals increased over 1000% last year : cybersecurity IICS Delhi Ethical Hacking Digital Forensics services Source: Cyberattacks against hospitals increased over 1000% last year What happens when hackers attack a hospital?  Subscribe in a reader

Leave a Comment

8 tactics for mobile data privacy and security

By Mary Mosquera With the sweeping use of mobile devices by healthcare providers, physicians and hospitals need to embrace best practices for protecting sensitive patient data, privacy experts say. For example, encrypt sensitive data when it is necessary to store on wireless devices. Sixty-four percent of physicians own a smartphone and one third of them […]

Leave a Comment

HIPAA poses greatest compliance challenges for information security

The Health Insurance Portability and Accountability Act (HIPAA) is the most challenging information security regulation for businesses to implement, according to a survey by IT management products firm Ipswitch. According to an Ipswitch survey of 100,000 network administrators, 38.2% said that HIPAA was the most challenging information security regulation to implement, followed by the Sarbanes-Oxley […]

Comments (2)

Due diligence is the cost of doing business for healthcare

According to an estimates, the Healthcare in US may be vulnerable to $6 billion annually from data losses in various forms. A survey done by the privacy and data-management firm Ponemon Institute found that Healthcare organizations are still using primitive data management techniques and run the risk of spending an average of US $1 million […]

Leave a Comment

Risky business

Image by purpleslog via Flickr By Mary Mosquera Last year’s HITECH Act toughened the rules and enforcement penalties health information handlers must follow to protect patient privacy. Under the new policy regime, providers will have to pay more attention to the confidentiality and safety of patient information as they move more of their operations toward […]

Leave a Comment

Security glitch exposes WellPoint data again

Image via Wikipedia By Tom Murphy INDIANAPOLIS – WellPoint Inc. has notified 470,000 individual insurance customers that medical records, credit card numbers and other sensitive information may have been exposed in the latest security breach of the health insurer’s records. The Indianapolis company said the problem stemmed from an online program customers can use to […]

Leave a Comment