Healthcare Cybersecurity Weekly Briefing 06-01-2018

Critical Informatics Healthcare Cyber Security

Critical Informatics Healthcare Cyber Security

One in Three HCOs Hit by Cyber-Attack
More than one in three healthcare providers have suffered a cyber-attack over the past year, with 10% paying a ransom or other extortion-related fee, according to Imperva. The vendor polled over 100 healthcare IT professionals at the recent 2018 Healthcare Information and Management Systems Society (HIMSS) Conference in the US.

Cybersecurity Should No Longer Be an IT Problem, Says MedSec CEO Justine Bone
Our dependency on technology to deliver trustworthy services makes the protection of technology — and those that use it — a priority. A cybersecurity incident — anything ranging from service downtime due to a ransomware attack, to the theft of health records, to more dramatic patient safety scenarios related to medical device operations — will all affect trust, and by extension, business.

How to Protect Patient Data That’s Being Shared Widely 
Data sharing expands the attack surface for hackers—the traditional “network” becomes dispersed and often sits outside the organization’s four walls, rendering the “bigger wall” strategy for protecting information ineffective. Now, not only will employees be “phished,” but so will those workers from all the organizations that interact with healthcare organizations.

Realistic ‘Zero Trust’ for Your Cybersecurity Program
First, you can’t implement any single technology and “turn on” zero trust. Instead, since it’s a philosophy or mindset that defines your whole approach, implementation requires multiple technologies working together. This might include identity and access management (IAM) systems, network equipment and technologies, authentication technologies, operating system services, and numerous other technologies up and down the stack. On the plus side, adopting the zero trust mindset may not require that you buy anything new — only that you rethink how you use what you already might have.

Hospitals Call for Centralized Cyber Vulnerability Reporting in Response to FDA Device Safety Plan
The American Hospital Association is calling for a central system for medical device manufacturers to report cyber vulnerabilities, a recommendation issued in response to the Food and Drug Administration’s recently issued “action plan” for device safety. The AHA in written comments generally supports the FDA plan, but calls for additional steps to secure devices against cyber attacks.

 

Stay up to date on the Healthcare Information Security news that you need to know by signing up for our Healthcare Briefing Here.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.