Healthcare Cybersecurity Weekly Briefing 02-09-2018

Critical Informatics Healthcare Cyber Security

Critical Informatics Healthcare Cyber Security

Why Healthcare Cybersecurity Spending will Exceed $65B Over the Next 5 Years
As the healthcare space continues digitizing all of its information, it continues to attract more attention from cyber criminals. For anyone who needs some convincing on the magnitude of the problem the healthcare industry faces, consider this partial list of hacks, breaches and related activity that occurred in 2017.


CIOs and CISOs Working Together as Attack Threats Grow 
Healthcare IT executives say it’s crucial for them to work closely and in coordination with CISOs to ensure cybersecurity strategies mesh effectively with an organization’s IT initiatives. Providers are realizing that the risks to their operations couldn’t be higher, particularly as healthcare organizations have become dependent on electronic clinical records for continuity of care and operations.


Penetration Testing Is a Reference Point, Not a Strategy (Originally on CSO Online)
Pen tests are valuable only if the results are properly translated into an effective overall security strategy. I’m often skeptical of survey results, but a recent survey from the 2017 HIMSS (health sector) conference, which suggests that penetration testing is a top priority, caught my eye. Add to this Gartner’s global cybersecurity group estimate of a 14 percent uptick in “security testing,” as well as an 8.5 percent increase in “consulting.”


Every NHS Trust Tested for Cybersecurity Has Failed, Officials Admit 
“The amount of effort it takes from NHS Providers in such a complex estate to reach the cyber essentials plus standard that we assess against as per the recommendation in Dame Fiona Caldicott’s report, is quite a high bar. So some of them have failed purely on patching which is what the vulnerability was around WannaCry,” he said.


Apple’s iOS Push Could Change Healthcare Data Sharing, Still Won’t Kill the Fax
Eventually, as Apple envisions, a new electronic document system will prevail. But it’s going to be a very slow changeover, according to Ho, whose company does offer other forms of electronic file exhange. “Healthcare is a large, complex, multi-faceted system, and I don’t think we’re going to see rapid disruption,” Ho said. […] Apple’s new Health Records feature uses the existing Health app (released in 2014 for iOS 8) to enable medical facilities to connect via an API to their EMR systems to share data between providers and patients.


HIMSS Healthcare Security Forum Call for Proposals is Open
There may be no topic more important in healthcare than securing data and maintaining business continuity in the face to today’s mounting cyber threats. Our goal for this event is to deliver, over two days, a mix of topics and speakers who can provide the best strategic and tactical information to our audience of 200-plus healthcare CISOs and security leaders.


How Secure is Your Medical Data? 
About a year ago the American Medical Association included security and telemedicine in its list of top issues facing physicians.  But it’s not just a doctor issue – add patients, clinics, and hospitals to the list of non-compromising stakeholders.  The medical industry, like other industries home to Small-and-Medium businesses (SMBs), needs to be especially sensitive to security requirements that protect patients and themselves against cyber breaches.


NHS Computer Problems Could be to Blame for ‘Hundreds of Deaths’, Academics Claim
Devices in hospitals – which are used for a range of applications from storing patient records and making appointments to systems embedded in devices like MRI scanners and dialysis machines – are “unnecessarily buggy” and “susceptible to cyber-attack”, according to Harold Thimbleby, professor emeritus of geometry at Gresham College in London and professor of computer science at Swansea University.


Health-Care Extortion Goes Digital
Cyber extortion can also go well beyond financial demands. “Beyond the threat of crippling financial demands from a hacker, there’s the terrifying prospect of denial of service attacks on certain medical devices that could interfere with a facility’s clinical capabilities and disrupt treatment,” Jeremy D. Sherer, a health-care attorney with Hooper, Lundy & Bookman PC in Boston, told me.


Tips to Tackle the Biggest Cyber Challenge Hospitals Face: Medical Device Security
When asked what actions health systems could take now to boost medical device security, he didn’t have to think about it. “Have an appropriate inventory of your medical devices,” he said. “It’s nearly impossible to effectively patch and protect medical devices without this kind of information.” When buying medical devices, he cautioned hospital executives to make sure they are buying them with the security they need.


Stay up to date on the Healthcare Information Security news that you need to know by signing up for our Healthcare Briefing Here.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.