Healthcare Cybersecurity Weekly Briefing 10-13-2017

Critical Informatics Healthcare Cyber Security

Prioritizing Data Security Strategies for Health IT Infrastructure
Healthcare providers must consider access control, audit controls, integrity controls, transmission security, and authentication. Essentially, entities need to monitor how data is transferred, stored, and accessed at all times. For example, a physician’s identity should be confirmed before she is able to access a network or EHR. A provider could opt for a multi-factor authentication process, ensuring that an individual who has been granted a certain level of access is the same person attempting to log on to the system.


The CISO’s Guide to Minimizing Health Care Security Risks
The CISO is responsible for protecting patients’ health data, which requires collaboration across the organization and with business partners such as vendors and insurers. For the common good of the health care industry at large — which includes individual practitioners, third parties and, most importantly, patients — all health care organizations must invest in solutions and strategies to protect PHI and manage risks to critical systems.


Cybersecurity Firm Finds ‘90% Crud’ Rule Rings True Among 100 Billion DNS Records
Cybersecurity investigators in healthcare organizations can use DNS records to increase the speed and accuracy of detecting and responding to cyberattacks, FarSight said. The company added that hackers and cybercriminals leave so-called digital footprints in the DNS, which hospital infosec teams can follow to track down attackers by domain name and IP address.
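The "digital footprints" the excerpt refers to are the passive-DNS relationships between a domain and the IP addresses and name servers it has resolved to. The following added example (written for this briefing, not Farsight's code or API) shows the basic pivot an incident responder performs: starting from one known-bad domain, find other domains that share its A-record IP or its authoritative name server, to any chosen depth. The records, domain names and addresses are all constructed (RFC 5737 documentation ranges), and the assumed input shape is a list of `(rrname, rrtype, rdata)` tuples.

```python
"""Passive-DNS infrastructure pivot (added example with constructed data)."""
from collections import defaultdict

# Constructed passive-DNS observations: (rrname, rrtype, rdata). Not real data.
PDNS_RECORDS = [
    ("login-portal.example",  "A",  "192.0.2.10"),
    ("secure-update.example", "A",  "192.0.2.10"),        # shares IP with seed
    ("mail.example",          "A",  "192.0.2.20"),        # unrelated
    ("login-portal.example",  "NS", "ns1.badhost.example"),
    ("payroll-check.example", "NS", "ns1.badhost.example"),  # shares NS with seed
    ("payroll-check.example", "A",  "192.0.2.30"),
    ("cdn-files.example",     "A",  "192.0.2.30"),        # two hops from seed
]


def build_index(records):
    """Index records both ways: rdata -> names that used it, name -> its rdata."""
    by_rdata = defaultdict(set)
    by_name = defaultdict(set)
    for name, rtype, rdata in records:
        key = (rtype, rdata)
        by_rdata[key].add(name)
        by_name[name].add(key)
    return by_rdata, by_name


def pivot(seed_domain, records=PDNS_RECORDS, max_depth=2):
    """Return domains linked to seed_domain through shared A or NS rdata.

    Breadth-first: depth 1 is every domain sharing an IP or name server with
    the seed; depth 2 adds domains sharing infrastructure with those, and so on.
    """
    by_rdata, by_name = build_index(records)
    seen = {seed_domain}
    frontier = [seed_domain]
    for _ in range(max_depth):
        next_frontier = []
        for name in frontier:
            for key in by_name.get(name, ()):
                for sibling in by_rdata[key]:
                    if sibling not in seen:
                        seen.add(sibling)
                        next_frontier.append(sibling)
        frontier = next_frontier
    seen.discard(seed_domain)
    return sorted(seen)


def domains_on(rtype, rdata, records=PDNS_RECORDS):
    """All domains observed with a given rdata, e.g. every name that resolved to an IP."""
    by_rdata, _ = build_index(records)
    return sorted(by_rdata.get((rtype, rdata), ()))


if __name__ == "__main__":
    print("depth 1:", pivot("login-portal.example", max_depth=1))
    print("depth 2:", pivot("login-portal.example", max_depth=2))
    print("on 192.0.2.10:", domains_on("A", "192.0.2.10"))
```

The depth limit matters in practice: a shared-hosting or CDN address links thousands of unrelated domains, so each hop should be reviewed before it is treated as attacker infrastructure rather than fed straight into a blocklist.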


Healthcare Cyber Security Market Show Exponential Growth by 2023
On the basis of solution type, the healthcare cyber security market has been segmented into risk and compliance management, identity and access management, security information and event management, intrusion detection system (IDS)/intrusion prevention system (IPS), firewalls, antivirus and antimalware software, data encryption software, and others.


New Bill to Tackle Medical Device Cybersecurity
U.S. Representatives Dave Trott (MI-11) and Susan Brooks (IN-05) introduced the Internet of Medical Things Resilience Partnership Act last week. Its aim is to collect and centralize all existing, relevant cybersecurity standards, guidelines, frameworks, and best practices; identify the current high-priority gaps and problems; and pinpoint actionable solutions, while providing a framework that IoMT (Internet of Medical Things) developers can reference.


EHR Interoperability to Transform Healthcare in Decade Ahead
“Many of these use case concepts and technologies already are in play,” wrote the authors. “Hospital executives should be planning how to integrate technology into newly built facilities and retrofit it into older ones. A well-crafted strategy can lay the foundation for future investments in care delivery, talent, data management, and cyber security.”


Education, Information Sharing Key in Healthcare Cybersecurity
Furthermore, organizations need to establish an ongoing education program for all employees about cybersecurity and cybersecurity threats. Good security practices must be enforced, she stressed. “Address myths. There are many myths about cybersecurity, for instance, that appropriate security controls decrease productivity,” Meadows said. “Use your C-suite and physician champions and educational sessions to debunk those myths.”


3 Ways Healthcare Organizations Can Build Better Cyberdefenses
1. Regular Penetration Tests Keep Cyberdefenses Strong
2. Cybersecurity Leadership Is a Top Priority
3. Give Medical Devices a Second Look for Security


Measure to Shield Health Care Data From Cyberattacks
Reps. Dave Trott (R-MI) and Susan Brooks (R-IN) last week introduced a bill designed to establish a framework for protecting healthcare information from cyber-attacks. The pair of lawmakers said the Internet of Medical Things Resilience Partnership Act would create a public-private stakeholder partnership that collects and centralizes all existing, relevant cybersecurity standards, guidelines, and best practices while identifying high-priority problems and actionable solutions.


Inside the Molina Healthcare Data Breach: Cause & Solutions
The security flaw was simple, which angered many cyber security professionals in the field: it allowed Molina patient data to be accessed simply by changing a single number in the URL. […] “It’s unconscionable that such a basic, Security 101 flaw could still exist at a major healthcare provider today,” said Krebs. “However, the more I write about these lame but otherwise very serious vulnerabilities at healthcare firms the more I hear about how common they are from individual readers.”
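The flaw the excerpt describes is an insecure direct object reference: a record handler that trusts the identifier in the URL and never checks that the record belongs to the caller. The added example below (illustrative code written for this briefing, not Molina's system) puts the vulnerable lookup beside an authorization-checked one, and adds the detection logic a defender would want: flagging a caller whose denied requests walk through consecutive record ids. The record store, patient identities and record ids are constructed.

```python
"""IDOR: vulnerable lookup, hardened lookup, and enumeration detection (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Record:
    record_id: int
    patient_id: str
    body: str


# Constructed sample store: records keyed by the numeric id that appears in the URL.
RECORDS = {
    1001: Record(1001, "patient-A", "blood panel"),
    1002: Record(1002, "patient-A", "imaging report"),
    1003: Record(1003, "patient-B", "prescription"),
}


class Forbidden(Exception):
    """Raised when the caller may not read the requested record."""


def get_record_vulnerable(record_id: int) -> Optional[Record]:
    # Vulnerable pattern: the id from the URL is the only input. Any
    # authenticated user who changes the number reads someone else's record.
    return RECORDS.get(record_id)


def get_record_checked(caller_id: str, record_id: int) -> Record:
    # Hardened pattern: the authenticated caller is part of the lookup and the
    # record must belong to them. Missing and foreign ids produce the same
    # error so the response does not reveal which ids exist.
    rec = RECORDS.get(record_id)
    if rec is None or rec.patient_id != caller_id:
        raise Forbidden(f"record {record_id} not accessible to {caller_id}")
    return rec


def outcome(caller_id: str, record_id: int) -> str:
    """Wrap the checked lookup as an access-log outcome: 'allowed' or 'denied'."""
    try:
        get_record_checked(caller_id, record_id)
        return "allowed"
    except Forbidden:
        return "denied"


def access_log(caller_id: str, record_ids):
    """Simulate one caller requesting a series of ids; returns (caller, id, outcome) events."""
    return [(caller_id, rid, outcome(caller_id, rid)) for rid in record_ids]


def flag_enumeration(events, threshold: int = 3):
    """Return callers whose denied ids include a run of `threshold` consecutive integers.

    Sequential denials are the signature of someone walking the id space.
    """
    denied = defaultdict(set)
    for caller, rid, result in events:
        if result == "denied":
            denied[caller].add(rid)
    flagged = []
    for caller, ids in denied.items():
        run, prev = 0, None
        for rid in sorted(ids):
            run = run + 1 if prev is not None and rid == prev + 1 else 1
            prev = rid
            if run >= threshold:
                flagged.append(caller)
                break
    return sorted(flagged)


if __name__ == "__main__":
    # patient-B requesting ids 1000..1002: 1000 does not exist, 1001 and 1002 belong to A.
    events = access_log("patient-B", [1000, 1001, 1002, 1003])
    print(events)
    print("flagged:", flag_enumeration(events))
```

The ownership check belongs in the data-access layer (or a central authorization policy), not in each URL handler, so a new endpoint cannot forget it; the consecutive-id detector is a coarse but cheap signal that belongs in the same access log the audit controls already require.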


Medical Records and Sensitive Data of 150,000 US Patients Exposed
IT security researchers at Kromtech Security discovered an unprotected Amazon Web Services (AWS) bucket available for public access. […] According to the Kromtech Security blog post, the 47.5 GB of data contained patients’ names, phone numbers, addresses, and 316,363 PDF medical records in the form of weekly blood test results and test results. Furthermore, the data contained a backup folder for the firm’s development server and personal details such as the names of doctors, client data, and case management notes.


Is a Cyber Equivalent of ‘D-Day’ Inevitable in the Medical Industry?
Chief among his concerns is that a failure to do so is now a potentially life-and-death patient safety issue. Chaput cited the opportunity for a cyber-terrorist to hack into a medical file to change blood types, which would be deadly in a transfusion situation, or to use entry into a hospital HVAC system to shut down cooling and compromise imaging suites or blood storage chillers.


FDA Pilot Program Sparks Questions About Healthcare IoT Security Risks
The FDA announced in July 2017 that it would fast track the regulatory approval process for digital healthcare devices by evaluating the companies behind the solutions instead of the actual solutions. Under the proposal, pre-certified companies will not need to provide the same level of pre-market data for each new digital health product, with some “low-risk” tools not needing any pre-market data at all. Among the companies that are initially pre-qualified under the proposed fast track program are Apple, Fitbit, and Samsung.




Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.