Healthcare Cybersecurity Weekly Briefing 7-21-2017

Critical Informatics Healthcare Cyber Security

Critical Informatics Healthcare Cyber Security

Strengthening Cybersecurity Should Not Compromise Healthcare Delivery
With increased regulation, new measures should make cybersecurity easier and more accessible. New authentication techniques and data segregation could help streamline security into the industry, as well as increase the time doctors spend with patients. However, the solutions are not as simple as imagined. Strengthening our cybersecurity through comprehensive efforts and training must be balanced against the quality healthcare.

Why Has Healthcare Become Such a Target for Cyber-Attackers?
Part of the reason for the threat against the healthcare sector is that it is classed as national critical infrastructure, alongside water, electricity and transport networks. This makes it an attractive target for those hackers wanting to cause chaos, especially from a hostile foreign country. Attacking a healthcare organization that is part of a wider network of infrastructure could also provide a way in to other critical facilities.

Are Destructive Exploits the New Wave in Cyberattacks on Healthcare?
Mike Hamilton, founder and President of Critical Informatics, Seattle: Health care is known to be particularly monetizable by organized crime in that the sector cannot afford to have critical services disrupted, will pay the ransom, making it low-hanging fruit for extortion — ransomware is a form of extortion. Additionally, theft of records to sell on dark markets is still problematic, but the number of health records available now has resulted in a bit of a glut, resulting in declining value per record. Extortion is much simpler and produces a better “return on investment” than records theft.

Meditologys New White Paper Affirms Perfect Cyber Storm Striking Healthcare Organizations at Critical Juncture
Referencing a recent report from CORL Technologies, Meditology’s sister company focused on healthcare vendor security risk management, Selfridge noted that third party providers have yet to be effective in adequately protecting PHI to comply with regulatory and risk management standards. Equally alarming is that only 26 percent of outsourced service BAs retain a security certification (HITRUST, SOC 2 Type 2, ISO 27001, and FedRAMP). ?That’s one in four business associates, which is great cause for worry,” he said.—s-New-White-Paper-Affirms-Perfect-Cyber-Storm-Striking-Healthcare-Organizations-at-Critical-Juncture-5041401

The Healthcare Industry is in for a Rude Cybersecurity Awakening
“IoT technology presents special challenges to a healthcare organization’s ability to protect itself from both insider threats as well as external cyber-attacks across a wide range of attack vectors, as demonstrated by the most recent WannaCry ransomware and NotPetya wiperware attacks,” said Xu Zou, CEO and cofounder of ZingBox. “As these attacks continue to step to the forefront, companies deploying IoT devices need to be more cognizant than ever of their security measures.”

Applying Healthcare Information Sharing to Data Security
“Information sharing is useful for all types of incidents and threats,” Kim wrote. “Whether there is a threat of something actually occurring or an incident has actually occurred, both threats and incidents have indicators to help determine what has occurred (in the case of an incident) or what may occur (in the case of a threat).” For healthcare specifically, Kim explained that information sharing can occur within any organization, sector-wide, or even occur between or among several critical infrastructure sectors and/or industries.

Only Half of Healthcare Professionals Report Their IT Infrastructure Is Safe from Cyber Attacks
Meanwhile, 15 percent of healthcare professionals responded they do not think their information technology infrastructure is secure, and another 15 percent responded that they are working on securing their information technology infrastructure. What’s more, a final 15 percent said that they were unsure of their IT infrastructure’s security against an attack. […] Almost one-third (30 percent) of respondents said their organization has faced some form of cyberattack, while a little more than half (54 percent) reported they had not been attacked and 12 percent said they were unsure.

Cyberattack on Ukrainian Clinics, Pharmacies Worries Experts
“You cannot attack hospitals,” said Duncan Hollis, a Temple University professor and a former treaty lawyer for the U.S. State Department. Although what happened at Podkopaieva’s clinic fell short of the death and destruction that would constitute an unambiguous “attack,” Hollis said the disruption was still a step in a dangerous direction. “It’s getting close to, if not across the line of, actual harm that international law might be prohibiting,” he said.


Stay up to date on the Healthcare Information Security news that you need to know by signing up for our Healthcare Briefing at:


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.