HIPAA Security Requirements: What They Really Mean

The University of Texas M.D. Anderson Cancer Center was having a hard time protecting patient electronic health information. In 2012, an employee’s laptop, containing ePHI for about 30,000 patients was stolen. The same year, a trainee lost an unencryp… Continue reading HIPAA Security Requirements: What They Really Mean

Hackers Calling Fair Game on Healthcare Institutions

The year 2019 saw big consumer brands get hacked: from Facebook to Capital One, every day people were urged to double-check their bank accounts and credit card statements to ensure their information had not been stolen. The prime target: all of your p… Continue reading Hackers Calling Fair Game on Healthcare Institutions

DEF CON 27, Bio Hacking Village, Dr Avi Rubin’s ‘Beyond The Firmware: The Attack Surface of a Networked Medical Device’

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn.
Permalink
The post DEF CON 27, Bio Hacking Village, Dr Avi Rubin’s &#8216… Continue reading DEF CON 27, Bio Hacking Village, Dr Avi Rubin’s ‘Beyond The Firmware: The Attack Surface of a Networked Medical Device’

Medieval Diseases Find New Vector In United States: The Homeless

via Anna Gorman writing at The Atlantic (along with Kaiser Health News) are sounding the klaxxon horns in warning of an astonishing fact in the United States: The influx of infectious diseases in the homeless populations of several states. This my fri… Continue reading Medieval Diseases Find New Vector In United States: The Homeless

Medigate raises $15 million Series A for medical device security

Medigate, a startup that offers cybersecurity services specific to medical devices, has raised $15 million in Series A funding, the company announced Tuesday. Medigate provides a platform that is meant to identify medical devices on a network, fingerprint them then monitor those devices for suspicious behavior. Mecical devices need specialized security attention that is not satisfied with broader forms of internet of things security, according to Medigate CEO Jonathan Langer. “For medical devices, general IoT security falls short,” Langer told CyberScoop in an email. “The uniqueness of the devices, the sheer volume of different types of devices and the complexity of clinical networks is daunting. The ability to find and secure devices, from MRIs to glucose meters and to alert a hospital of anomalies requires security that understands clinical networks.” The company says the platform considers not just basic indicators like IP addresses, but also context such as the device’s model and purpose. […]

The post Medigate raises $15 million Series A for medical device security appeared first on CyberScoop.

Continue reading Medigate raises $15 million Series A for medical device security

Health agency looks to bolster cybersecurity with new guidelines for industry

2018 was a busy year for cyberthreats to the health care sector, with more than 3 million patient records breached in the second quarter alone, according to one study. In an effort to learn from those incidents – and build on security progress in the sector – the Department of Health and Human Services (HHS) capped the year by releasing voluntary cybersecurity guidelines for health care professionals. The document, published Dec. 28 and developed with industry experts from the Health Sector Coordinating Council, emphasizes the financial and health impacts of cyber incidents and outlines steps practitioners can take to better secure their systems. HHS lent urgency to the guidelines’ release by underscoring that the same technologies that provide critical treatment to patients can be exploited by hackers to steal patient data or disable hospital systems. “We are under constant cyberattack in the health sector, and no organization can escape that reality,” […]

The post Health agency looks to bolster cybersecurity with new guidelines for industry appeared first on CyberScoop.

Continue reading Health agency looks to bolster cybersecurity with new guidelines for industry

Ransomware infects hospitals in Ohio, West Virginia

Ransomware has infected two hospitals in Ohio and West Virginia, a spokeswoman said Monday. A ransomware attack affected the Ohio Valley Medical Center and East Ohio Regional Hospital, Karen Janiszewski, spokeswoman for parent company Ohio Valley Health Services & Education Corp., confirmed in an email to CyberScoop. The attack Friday prevented the two hospitals, which together have 340 beds, from receiving patients via ambulance through at least part of Thanksgiving weekend, Ohio’s The Times Leader reported. No patient data was compromised and the hospitals could accept walk-in patients, according to the paper. The two hospitals are “the area’s only comprehensive behavioral and mental health services and board certified emergency services on both sides of the Ohio River,” which separates Ohio and West Virginia, according to their website. This attack is only the latest to strike U.S. medical facilities. Health care organizations have been on the frontlines of recent ransomware infections, with nearly a quarter of the 67 SamSam ransomware […]

The post Ransomware infects hospitals in Ohio, West Virginia appeared first on Cyberscoop.

Continue reading Ransomware infects hospitals in Ohio, West Virginia

SamSam ransomware group has hit 67 organizations in 2018, researchers say

The group behind the disruptive SamSam ransomware has attacked 67 different organizations in 2018, nearly a quarter of which were health care organizations, new research shows. SamSam, which is deployed in a more targeted way than other ransomware, hobbled Atlanta’s municipal agencies in March, and it was reportedly the malware that struck medical-testing giant LabCorp in July. On Tuesday, cybersecurity company Symantec released data showing that of the 67 organizations targeted by the SamSam group in the last 10 months, more than 80 percent are based in the United States. “SamSam continues to pose a grave threat to organizations in the U.S.,” a Symantec blog post states. “The group is skilled and resourceful, capable of using tactics and tools more commonly seen in espionage attacks.” It is unclear why the group has its sights on the health care sector, Symantec said. “The attackers may believe that health care organizations are easier to infect. […]

The post SamSam ransomware group has hit 67 organizations in 2018, researchers say appeared first on Cyberscoop.

Continue reading SamSam ransomware group has hit 67 organizations in 2018, researchers say

CMS portal breach exposes 75,000 individuals’ records

An online portal run by the Centers for Medicare & Medicaid Services experienced a breach last week, giving hackers access to 75,000 people’s files, the agency announced on Friday. The breached portal is one used by health insurance agents and brokers assisting people with direct enrollment in the government’s Federally Facilitated Exchanges (FFE). CMS did not say what kind of information the exposed records contain or whether they belong to agents and brokers or insurance-seekers. “While this is a small fraction of consumer records present on the FFE, any breach of our system is unacceptable,” the agency said. CMS said it began investigating “anomalous system activity” on Saturday, Oct. 13 and declared a breach the following Tuesday. The agency did not say why it waited until Friday to publicly disclose the breach. CMS, an agency within the Department of Health and Human Services, did not respond to a request for […]

The post CMS portal breach exposes 75,000 individuals’ records appeared first on Cyberscoop.

Continue reading CMS portal breach exposes 75,000 individuals’ records