Healthcare Cybersecurity Weekly Briefing 9-22-2017

Critical Informatics Healthcare Cyber Security

Can MSSPs Help Address the Cyber Workforce Shortage for Healthcare?
A good MSSP can handle most, if not all, of the security tasks in your organization. Whether it’s actively probing internal networks or scouring intelligence reports and external data sources via hunt teams, MSSPs help organizations stay ahead of emerging threat activity. They can also assist organizations in preventing and recovering from ransomware attacks.


Cybersecurity is Hard, Got It? But Let’s Stop Blaming Hospitals for Every Breach
Infosec executives and security teams, at the same time, need to stop blaming the end users they support. “The most insidious part of being a security professional?” Figueroa said. “The mantra: People are the weakest link.” Many would argue that’s true and I won’t counter because the more important reality is the downstream effect such a mindset creates.


Cybersecurity is Not a Cost, It’s an Investment, Experts Say
University of California Irvine Health CIO Chuck Podesta knew this when he joined the health system three years ago after working in a similar capacity in Vermont. So getting the medium-sized academic medical center to invest $7 to $8 million the first year came down to telling the CEO, and other executives, that it would cost them a lot more if the system suffered a data breach. And not just financially due to fines and possibly civil suits. The CEO would have to apologize to the community.


HITRUST Urges Collaboration for Improved Healthcare Cybersecurity
Lehmann added that the day’s events with HITRUST and PwC spent a good amount of time discussing best practices in risk management, risk assessments, and how to properly leverage certain best practices. “Overall, there aren’t enough of these types of meetings that happen,” he stated. “And for us to begin to build a community around health information security and share some of those best practices, is a step in the right direction.”


Why Infusion Pumps Are So Easy to Hack
According to the NCCoE, wireless infusion pumps can be infected by malware, which can cause them to malfunction or operate differently than intended. And traditional malware protection could negatively impact the pump’s ability to operate efficiently, the agency noted. Most of these pumps contain a maintenance default passcode, the NCCoE said, and if organizations do not change the default passcode when provisioning pumps, or if they do not periodically change the passwords after pumps are deployed, the device will be more vulnerable to attack.


Partnership Hopes to Help Organizations Better Gauge 3rd Party Cyber Risks
Integrating BitSight’s objective, quantitative measurements of companies’ security performance into the CyberGRX Exchange provides a comprehensive view of third-party cyber risk, the companies said. The combination of BitSight’s security ratings, generated through externally observable data, with CyberGRX’s third-party cyber risk assessments can enable organizations to make more informed decisions and scale their third-party risk programs, the companies added.


HIT Think How Healthcare Organizations are Boosting Security for IT systems 
Surveyed organizations stated that healthcare-information security is a board-level discussion regularly, with at least annual board discussions in 93 percent of cases; 62 percent of providers stated that they discuss security with their board at least quarterly. These results suggest that both interest in and support for effective security measures have grown. No doubt the increased number of very public information breaches has influenced the increased interest and support.



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.