Healthcare Cybersecurity Weekly Briefing 8-11-2017

Critical Informatics Healthcare Cyber Security

Critical Informatics Healthcare Cyber Security

Cyber ‘D-Day’ Coming for Healthcare Providers, Experts Warn

Interoperability has its downsides, which is that many hospitals and accompanying centers, which could include a nursing home, make a large-scale attack more plausible. Hospitals also use 10 to 15 medical devices per bed, the newspaper reported. “Cyberattacks are very scalable. You can go from one hospital to 500 hospitals with much less effort than it takes to attack 500 hospitals physically,” said Dameff. “You can see that these risks, they explode.”


Security Flaws in Hospital Machines Run the Risk of Being Hacked

Insulin pumps, Infusion pumps, and Pacemakers are three hospital devices that can be taken over. Program Director for Cyber Sciences at Augusta University, Dr. Michael Nowatkowski said, “They have wireless access to them that again don’t require any type of authentication.” He said some devices used to save people’s lives have some cyber safety flaws. “For this particular Infusion pump it has drug libraries that are in there that limit the amount of dosage for certain drugs a hacker could go in and change those limitations,” he said.


The Health Care Industry Cybersecurity Task Force Prompts HHS to Issue a Revised HIPAA Breach Reporting Tool

Following up on the Task Force’s recommendation to provide health care officials with the knowledge and tools to manage cybersecurity threats, on July 25, 2017, the HHS Office for Civil Rights (“OCR”) launched a revised web tool, the HIPAA Breach Reporting Tool (“HBRT”). The HBRT helps individuals identify recent breaches of health information, and to learn how such breaches should be investigated and properly resolved.


How ‘Zero Trust’ Networks Can Help Hospitals Strengthen Cybersecurity

“The primary reason zero-trust makes so much sense today is that our networks no longer have an outside,” Pollard explained. “The perimeter has disappeared and organizations of all sizes have multiple third-party connections, data-sharing agreements, hybrid cloud deployments and remote users. Relying on a model that assumes if you are inside the network you must be OK is a recipe for disaster.”


Ransomware 2.0: It’s Coming, and Healthcare Needs to Get Prepared

“The latest variation on a theme regarding this threat is what can appropriately be called a ransomworm,” said Rich Curtiss, managing consultant at Clearwater Compliance, a former hospital CIO, and liaison for cybersecurity vulnerability projects with the National Cybersecurity Center of Excellence. “This is a combination of two types of malware, ransomware and a worm. While we have become all too familiar with ransomware in the healthcare sector, we have ignored other forms of malware.”


United States: Cyber Threats to The Healthcare Industry: Best Practices To Help Protect Your Organization

Recent studies suggest that healthcare organizations are the most targeted sector – and breaches in the healthcare industry are costlier than any other sector. Although attack methods continue to evolve and become more sophisticated, we continue to see companies in the healthcare industry fall victim to the same types of attacks, most of which could have been prevented or mitigated by sound security practices.


Survey: 71 Percent of Healthcare Organizations Allocate a Specific Budget to Cybersecurity

The 2017 HIMSS Cybersecurity Survey provides insight into what healthcare organizations are doing to protect their information and assets, in light of increasing cyber-attacks and compromises affecting the healthcare sector. The 2017 report focuses on the responses from 126 IT leaders who report having some responsibility for information security in a U.S.-based healthcare provider organization, such as a hospital or long-term care facility.


HIMSS Survey: Hospitals Ramping Up Cybersecurity Efforts 

Healthcare organizations are seriously stepping up their cybersecurity programs, the 2017 HIMSS Cybersecurity Survey shows.

  • Of the 126 IT leaders surveyed, 71% said their organization budgets for cybersecurity and 60% of those said the allotment is 3% or more of the overall budget.
  • The findings, released Wednesday, suggest that recent breaches and ransomware attacks — like the massive WannaCry attack that took place in May — are driving home the need for cybersecurity preparedness at hospitals and health systems.


Emerging Security Solutions for Healthcare, 2017 Report – Research and Markets

The use of connected devices for enhancing healthcare services is a growing trend. This has considerably increased the attack surfaces on healthcare networks that cyber attackers can leverage to gain access to confidential information such as electronic health records (EHRs), and patient’s personal details, amongst others. This edition of Network Security TOE provides a snapshot of the advanced security solutions for protection against advanced cyber threats in the healthcare sector. It provides a guideline for the various attack surfaces within a healthcare network and basic mitigation strategies for cyber attacks.–


Internet of Medical Things Shakes Up the Development of Medical Devices with Analytics and Cloud

While the benefits are many, IoMT has inherent IT security vulnerabilities that expose highly sensitive data to cyber and phishing attacks. Technologists are attempting to resolve this issue by employing blockchain technology, which enables a highly secure, decentralized framework for data sharing. Using a combination of artificial intelligence and blockchain technology, companies can keep an audit trail of all transactions. Predictive modeling used in combination with big data analytics can reduce healthcare costs and improve patient experiences and outcomes.


Stay up to date on the Healthcare Information Security news that you need to know by signing up for our Healthcare Briefing at:


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.