Healthcare Cybersecurity Weekly Briefing 11-17-2017

Critical Informatics Healthcare Cyber Security


If Hackers Attacked the Hospital
Take robotic surgical systems. As a test, researchers at the University of Washington in 2015 hacked into and maliciously controlled the Raven II Surgical Robot, which can be operated from afar. While the possibility of an evil genius commandeering a robotic surgical system seems a bit far-fetched, malware reportedly slowed down fetal monitors used on women with high-risk pregnancies at one hospital.

 

HHS Cybersecurity Initiative Paralyzed by Ethics, Contracting Investigation
A fledgling HHS initiative to protect the nation’s health care system from cyberattack has been paralyzed by the removal of its two top officials amid allegations of favors and ethical improprieties. The executive running the Health Cybersecurity and Communications Integration Center was put on administrative leave in September, while his deputy left the government. An HHS official says the agency is investigating irregularities and possible fraud in contracts they signed.


Beyond Data: Are Connected Medical Equipment and Wearables the Next Big Target for Cyberattack?

Attacks targeting medical equipment with the aim of extortion, malicious disruption or worse, will rise. The volume of specialist medical equipment connected to computer networks is increasing.  Many such networks are private, but one external Internet connection can be enough for attackers to breach and spread their malware through the ‘closed’ network. Targeting equipment can disrupt care and prove fatal – so the likelihood of the medical facility paying up is very high.

 

At Texas Health Resources, A Strategic Approach to Evolving Cybersecurity Challenges 
Healthcare CISOs face complex and challenging issues with respect to information security, including rapidly evolving malware threats, insider data breaches and the increasing use of medical Internet of Things (IoT) devices across their organizations. […] The health system’s CISO, Ron Mehring, says the organization is migrating data centers housed in individual hospitals to “sophisticated, advanced co-location facilities” and the new data centers provide increased security controls and protections.

 

A CISO Sizes Up Healthcare Security Threats for 2018
In the year ahead, cyber threats to the healthcare sector will continue to evolve from attacks primarily involving the theft of health data to assaults aimed at disrupting organizations’ operations, predicts Sean Murphy, CISO of health insurer Premera Blue Cross. “I see more disruption in the industry around cybersecurity – it’s more than data exfiltration as a concern. I see more ransomware attacks and denial-of-service attacks … and more of an effort to disrupt the system, the critical infrastructure even more so than trying to get at the data[.]”

 

One-Fifth of Healthcare Organizations Still Run XP
It doesn’t help that a fifth still have Windows XP machines running on their network, while 18% have connected medical devices running on the legacy OS. Over a quarter (26%) said they either can’t or don’t know if they can update such systems, which is worrying considering the explosion in endpoints of late: nearly half (47%) of HCO pros surveyed manage over 5000 networked devices.

 

Survey: 26 Percent of Healthcare Organizations Would Pay Ransom in a Cyber Attack 
A survey of 300 healthcare IT professionals in the U.K. and the U.S. found that 26 percent reported that their organization would be willing to pay a ransom in the event of a cyber attack. Of these, 85 percent of UK healthcare IT professionals and 68 percent of U.S. healthcare IT professionals have a plan in place for this situation.

 


====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.
