Healthcare Cybersecurity Weekly Briefing 6-2-2017

Providers Beware: Consumers Have Low Tolerance for Cyberattacks

68% of U.S. consumers would consider leaving their healthcare provider if it was attacked by ransomware, a survey of 5,000 consumers by security firm Carbon Black shows.

Roughly 7 in 10 consumers trust their healthcare providers and financial institutions to keep their data safe, while only about half trust retailers. At the same time, consumers believe individual organizations — and not security vendors, software companies or the government — bear the brunt of responsibility for protecting personal data.

http://www.healthcaredive.com/news/providers-beware-consumers-have-low-tolerance-for-cyberattacks/443721/

 

Plastic Surgery Patients Face Extortion in Wake of Clinic Data Breach

Thousands of private photos have been leaked by cybercriminals following the hack of a Lithuanian cosmetic surgery clinic. A hacking group, using the nickname “Tsar Team”, leaked images it claims came from the Grozio Chirurgija clinic servers. The group spaffed the data after the targeted health facility’s customers failed to meet extortionate payment demands. Local police say dozens of patients have come forward to report getting blackmailed.

https://www.theregister.co.uk/2017/05/31/plastic_surgery_extortion_hack/

 

Medical Device Industry Not Doing Enough on Cybersecurity

The study also found that around half (49%) of device manufacturers were not using guidance from the FDA about how to secure devices. And worryingly, it seems testing of medical devices rarely occurs. Only 9% of manufacturers and 5% of HDOs said they test medical devices at least annually, and 53% of HDO respondents said they either do not test or are unaware if this takes place. That was also the case for 43% of device companies.

http://www.fiercebiotech.com/medtech/medical-device-industry-not-doing-enough-cybersecurity

 

Radio-Controlled Pacemakers aren’t as Hard to Hack as You (May) Think

Chief among the concerns: radio frequency-enabled pacemaker programmers don’t authenticate themselves to the implanted cardiac devices, making it possible for someone to remotely tamper with them. “Any pacemaker programmer can reprogram any pacemaker from the same manufacturer,” researchers from medical device security consultancy WhiteScope wrote in a summary of their findings. “This shows one of the areas where patient care influenced cybersecurity posture.”

https://arstechnica.com/security/2017/05/radio-controlled-pacemakers-arent-as-hard-to-hack-as-you-may-think/

 

Organizations Concerned About Medical Device Attacks: Study

The study, based on a survey of 550 individuals conducted by the Ponemon Institute, shows that 67 percent of medical device makers and 56 percent of HDOs believe an attack on the medical devices they build or use is likely to occur in the next 12 months […] On the other hand, only 17 percent of device manufacturers and 15 percent of HDOs have taken significant steps to prevent attacks. Roughly 40 percent on both sides admitted that they haven’t done anything to prevent attacks.

http://www.securityweek.com/organizations-concerned-about-medical-device-attacks-study


====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.