Why Healthcare Security Matters

guest · Apr 26, 2019

Security Vulnerabilities Detected in ICDs: Addressing Ransomware Risk in Medical Devices
April 24, 2019
https://hitconsultant.net/2019/04/24/security-icds-ransomware-risk-in-medical-devices/#.XMMoq9jgqUl

Medical device usage is on the rise, and that reality potentially puts people at risk if those gadgets have security flaws.
Internal health devices are particularly at risk, especially since patients and providers may not immediately notice issues.

As a case in point, a recent discovery showed vulnerabilities in implantable cardioverter defibrillators (ICDs) made by Medtronic.
More Medical Devices Are at Risk
The Medtronic issue detailed above is undoubtedly concerning, but it’s necessary to also take a broader look at other devices and the dangers they pose. There are more than 190,000 medical devices in the U.S. market [...]

No single strategy exists to help hospitals take care of all ransomware attacks. Healthcare’s cybersecurity shortcomings are getting more problematic.
Tech leaders should plan periodic, facility-wide security audits that identify risks including ransomware, then take decisive action based on the audit results.
Click to expand...

ronjor · Apr 26, 2019

uBiome, the health start-up just raided by the FBI, had been double billing insurers

Christina Farr @chrissyfarr 26 Apr 2019
The FBI showed up at uBiome’s San Francisco office on Friday.
Employees were asked to hand over their computers after federal agents broke down the door, according to a person familiar with the matter.
The company is being investigated over how it bills health insurers for its microbiome health tests.
Click to expand...

guest · Apr 26, 2019

Inmediata Health Group Notifies Patients of Data Security Incident
April 26, 2019
https://www.prnewswire.com/news-rel...ents-of-data-security-incident-300838823.html

Inmediata Health Group, Corp. ("Inmediata") recently became aware of a data security incident that may have involved the limited personal and medical information of some of its customers' patients. Inmediata is directly mailing notification letters to individuals who may have been affected by this incident and to provide resources to assist them.

In January 2019, Inmediata became aware that some electronic health information was viewable online due to a webpage setting that permitted search engines to index internal webpages that Inmediata uses for business operations. Immediately after Inmediata became aware of the incident, the company deactivated the website and engaged an independent computer forensics firm to assist with an investigation. Based on the current findings of the ongoing investigation, Inmediata has no evidence that any files were copied or saved.

The information potentially involved in this incident may include patients' names, addresses, dates of birth, gender, and medical claim information. A very small group of the potentially impacted people may have Social Security numbers involved as well
Click to expand...

guest · Apr 27, 2019

Mary Stevens Hospice suffers data breach after hacking
April 26, 2019
https://www.halesowennews.co.uk/new...ns-hospice-suffers-data-breach-after-hacking/

A spokesman for the hospice said the email account of a member of staff was compromised temporarily on April 10 and a hacker was able to send a potentially malicious email to a number of the charity worker's contacts, inviting recipients to click on a fraudulent link.
The hospice's statement can be read online at http://www.marystevenshospice.co.uk/notification-hospice-data-breach/
Click to expand...

guest · Apr 28, 2019

Lauderdale County employees' sensitive information exposed
April 25, 2019
https://www.meridianstar.com/news/l...cle_6644ea28-f2ad-580c-9022-7bcfa0e94f78.html

More than 100 Lauderdale County employees had their sensitive information shared via email to other employees covered by the county's healthcare plan in an accidental exposure Tuesday.

Personal information in the email included names, social security numbers and phone numbers. Chris Lafferty, the county administrator, inadvertently shared the information in a county-wide email sharing health insurance information.
"I want to give you exactly what the (Board of Supervisors) and I see concerning your health insurance. You'll see that we are not saving any money," Lafferty said in the email. "If the current trend continues, the employee portion will most likely go up."
Emails shared with The Meridian Star didn't include the sensitive information, but showed the cost of care for the county, broken down by "diagnosis chapters" such as infectious diseases, mental disorders, pregnancy, congenital anomalies and more.
Click to expand...

ronjor · Apr 28, 2019

Google vet launches an app for patients to record their doctor’s notes, as more Silicon Valley execs migrate from tech to health

Christina Farr @chrissyfarr 28 Apr 2019
Weekly is part of a massive trend of talent migrating from the tech industry to the health sector. For many of these folks, it’s motivated by a personal experience that showed them how the current health care system could be improved.
Click to expand...

ronjor · Apr 28, 2019

Nearly 150 Million Americans Have a Chronic Disease. This Startup--and Its Reams of Data--Can Help

By Bill SaporitoEditor-at-large, Inc. @bilsap
Livongo is taking on diabetes--and other chronic conditions--with data.
Click to expand...

guest · Apr 29, 2019

NHS offers Singapore advice on healthcare security
April 29, 2019
https://www.zdnet.com/article/nhs-offers-singapore-advice-on-healthcare-security/

Having experienced the destruction of the WannaCry attack, National Health Service (NHS) underscores the importance of building up cyberdefences and ensuring the leadership team recognises cybersecurity as a top priority. Healthcare service providers also need to be proactive and think about where threats may come from next.

"There are risks and they have to make it a top priority for hospitals to keep their defences up-to-date."
Stressing the need to also be proactive in thinking about potential threats,

"Every organisation has to take the risks seriously and be very vigilant because it can happen anytime, anywhere," he said. "That's what I would share with Singapore: keep building your defences, get your leadership to take it seriously, and be proactive constantly."
Click to expand...

ronjor · Apr 29, 2019

HHS Lowers Some HIPAA Fines

Marianne Kolbasuk McGee (HealthInfoSec) April 29, 2019
Experts Weigh In on Potential Impact of the Changes
The Department of Health and Human Services is lowering its top fines for less egregious HIPAA violations. Meanwhile, it's pledging to make a "big push" to enforce patients' right to access their health records.
Click to expand...

ronjor · Apr 30, 2019

Hacking our way into cybersecurity for medical devices

Vidya Murthy April 30, 2019
Hospitals are filled with machines connected to the internet. With a combination of both wired and wireless connectivity, knowing and managing which devices are connected has become more complicated and, consequently, the institutions’ attack surface has expanded.
Click to expand...

ronjor · Apr 30, 2019

Why wearables, health records and clinical trials need a blockchain injection

Lucas Mearian By Lucas Mearian Senior Reporter, Computerworld | April 29, 2019
The future of healthcare could rely on the open transmission of patient data for any number of reasons – from treatment data to clinical trials – and one technology could serve as a secure conduit: blockchain.
Click to expand...

guest · Apr 30, 2019

Emotet Trojan Is the Most Prevalent Threat in Healtcare Systems
April 30, 2019
https://www.bleepingcomputer.com/ne...e-most-prevalent-threat-in-healtcare-systems/

Almost 80% of the malware affecting computer systems in the healthcare industry are trojans and the most common of them is Emotet, shows a report today.

The typical infection chain begins with a legitimate-looking email that tries to persuade the victim to launch a malicious file.
"Trojan.Emotet is a persistent information stealer that can target user credentials stored in browsers and listen to network traffic," the researchers say, adding that this piece of malware has affected health insurance, hospitals, pharmaceuticals, biotechnology, and medical device sectors.

Since healthcare systems manage electronic health records and historically they suffer from glaring security weaknesses, it is easy to understand the appeal cybercriminals have for this industry.
Click to expand...

Malwarebytes: Sophisticated threats plague ailing healthcare industry

ronjor · Apr 30, 2019

April 30, 2019
FTC Returns Almost $515,000 to Consumers Who Bought Deceptively Marketed “Amniotic Stem Cell Therapy” Between 2014 and 2017

The Federal Trade Commission is mailing 270 checks totaling nearly $515,000 to consumers who paid for what the agency alleged was deceptively advertised “amniotic stem cell therapy” between 2014 and 2017. The average amount each consumer will receive is $1,907.
Click to expand...

guest · May 1, 2019

Email breach exposes hospice patients
April 29, 2019
https://www.bendbulletin.com/localstate/7123939-151/email-breach-exposes-hospice-patients

An employee at Bend-based hospice Partners in Care was the victim of an email phishing attack that exposed the private health information of some patients.
Partners In Care discovered the attack on March 4 and did an “extensive” forensic investigation and manual email review, according to a press release.

The unidentified employee’s email account was accessed by the phishing attack from Nov. 17 to Dec. 12, and information contained in emails that could have been exposed may have included patient names, dates of birth, medical record numbers, medical information such as a diagnosis, labs, treatment, medications, insurance information and for a limited number of patients, Social Security numbers.
Click to expand...

guest · May 1, 2019

Security breached of Ayushman Bharat
April 30, 2019
http://www.ehackingnews.com/2019/04/security-breached-of-ayushman-bharat.html

Ayushman Bharat, the government run health insurance programme, on Saturday confirmed that there had been an attempted security breach. “There have been attempts to get illegal access to large medical data including sensitive personal information,’’ said Dr. Indu Bhushan, CEO Ayushman Bharat - Pradhan Mantri Jan Arogya Yojana.

Alerted about the intrusion 48 hours ago, the National Health Authority — which administers the programme — has now written to all State Governments alerting them about the threat and warning that no sensitive data be shared.
“We have this data enveloped in multiple layers of security which is tough to penetrate,” explained Dr. Bhushan. “We also have a stringent access system for those within Ayushman Bharat and we were alerted, almost immediately, when the breach was attempted,’’ he said.
Click to expand...

ronjor · May 1, 2019

The US Urgently Needs New Genetic Privacy Laws

Megan Molteni 05.01.19
Twenty years ago, you had about a one in six billion chance of knowing someone who’d had their DNA sequenced. Today, almost every American can name someone who’s had some form of genetic testing.
Click to expand...

guest · May 1, 2019

SkyMed Medical Evacuation Membership Service Exposed Data of 137k Members
April 29, 2019
https://securitydiscovery.com/skymed/

On March 27th I discovered an unsecured Elasticsearch database that contained what appeared to be members of a medical evacuation membership service. Upon further inspection of the data there were many references that the data allegedly belonged to Florida based SkyMed.
According to their website, SkyMed has been offering premium medical emergency evacuation memberships since 1989. The concept is simple: if you are on vacation or traveling and have an emergency they will evacuate you or your loved one back home to the US for treatment or medical care.

Inside the database was each member’s file that included personally identifiable information and some accounts had medical information or notes about the user.
It is unclear if this incident was reported to members, 0r the authorities as required by HIPAA and Florida breach and notification laws. Despite several attempts and a request for comment regarding this data incident, SkyMed has not responded or commented at the time of this publication.
Click to expand...

ronjor · May 2, 2019

Alerts: Vulnerability in Philips Records System

Marianne Kolbasuk McGee (HealthInfoSec) May 2, 2019
The Department of Homeland Security and healthcare IT vendor Philips have issued alerts about a security vulnerability in the company's Tasy electronic medical records system that could put patient data at risk.
Click to expand...

guest · May 3, 2019

United Arab Emirates: New law regulating data in the health sector
May 3, 2019
https://blogs.dlapiper.com/privacym...new-law-regulating-data-in-the-health-sector/

The United Arab Emirates (UAE) federal government has issued Federal Law No. 2 of 2019 on the Use of Information and Communication Technology (ICT) in Health Fields (“ICT Health Law”).
The objectives of this law are to:
• ensure the optimal use of ICT in health fields;
• ensure safety and security of health data and information.
[...]
Failure to comply with the requirements of the ICT Health Law in respect of data localization is punishable by a fine of between AED 500,000 – 700,000 (approximately USD 136,000 – 190,500).

Given that many health care service providers and health sector participants will already be using cloud based systems it is not clear to us if the Ministry or relevant health authorities are planning to enforce this immediately, or if there will be some grace period.
Click to expand...

guest · May 3, 2019

Sensitive patient records found on Cork city street
May 3, 2019
https://www.irishexaminer.com/break...records-found-on-cork-city-street-921765.html

Documents with sensitive patient data identifying children and adults, details of surgical procedures, and reasons for missing appointments have been found on a busy city-centre street in Cork.
The highly personalised information relating to patients attending Cork University Hospital (CUH) for plastic surgery [...]

The data includes admission and discharge dates, the treating clinicians, and whether the patient is public or private.
He said either the HSE’s data protection protocols aren’t robust enough, “or staff aren’t being properly trained to implement them”.
Click to expand...

guest · May 4, 2019

mood said: ↑

Sensitive patient records found on Cork city street
May 3, 2019
https://www.irishexaminer.com/break...records-found-on-cork-city-street-921765.html
Click to expand...

Finder of patient details accused by HSE of data breach
May 4, 2019
https://www.irishexaminer.com/break...ils-accused-by-hse-of-data-breach-922004.html

A man who found sensitive patient data on a city centre street and who highlighted his concerns in the media has been accused by the HSE of a data breach.
He said he is “disappointed” with the HSE response “because the real story is that there have been two major HSE breaches in patient data in the space of a week [the other related to patients attending Our Lady of Lourdes Hospital, Drogheda] and this seems like an unfair attempt to divert attention away from that”.

“The person who discovered the data and voluntarily disclosed it to the third party has been advised by the HSE that as this constitutes an unauthorised disclosure of the personal data, there is now an obligation on that person to report this as a further data breach to the Data Protection Commission”.
Click to expand...

ronjor · May 4, 2019

CVS exec: 'We don't discount Amazon'

Rebecca Pifer@RebeccaMPiferPublishedMay 3, 2019
Dive Brief:
Amazon's entry into healthcare is welcome but unlikely to kick off any huge system-wide change, according to the executive vice president and chief policy and external affairs officer of CVS Health.
"They are very good at testing and learning," CVS EVP Tom Moriarty told Healthcare Dive at the Association of Healthcare Journalists annual conference Friday. "We don't discount them."
Moriarty, along with Humana Chief Medical Officer William Shrank and UnitedHealth Group Enterprise executive vice president Austin Pittman, contend they welcome Amazon into the healthcare arena, and said there are enough problems to solve within the $3.5 trillion health economy.
Click to expand...

ronjor · May 6, 2019

$3 Million HIPAA Settlement in Delayed Breach Response Case

Marianne Kolbasuk McGee (HealthInfoSec) May 6, 2019
Federal regulators have reached a $3 million HIPAA settlement in a case alleging that a medical imaging services provider delayed investigating and mitigating a breach involving patient information leaking onto the internet via a web server - and delayed notification of victims as well.
Click to expand...

guest · May 7, 2019

As concerns over medical device security rise, MedCrypt raises $5.3 million
May 7, 2019
https://techcrunch.com/2019/05/07/a...ce-security-rise-medcrypt-raises-5-3-million/

As medical devices move to networked technologies, securing those devices becomes increasingly important.

“Internet-connected medical technology is entering the market at light speed, calling for devices to be secure by design, which leads to a heightened level of patient safety at all times,” said MedCrypt chief executive Mike Kijewski in a statement.
Securing patient data has been a longtime requirement for health technology companies, but both patient records and hospital networks are dangerously vulnerable to cyberattacks.

Investors have recognized the problem and are investing more into companies focused on the healthcare market specifically. MedCrypt’s competition for these security dollars include companies like Medigate, which raised $15 million earlier this year.
Click to expand...

guest · May 7, 2019

VCU patient’s personal information stolen twice
May 7, 2019
https://www.virginiafirst.com/news/...-personal-information-stolen-twice/1984456740

Imagine having your personal and medical information stolen not once, but twice. It happened to a VCU Health System patient. And it was an inside job.

"It's extremely frustrating," said that patient, who our sister station WRIC is not identifying. "You live in that fear, will my money be taken, will accounts be opened up in my name?"
The news of the security breach came in a letter. It stated her "clinical information, name, social security number, diagnosis and medications” had been inappropriately accessed by an employee.

She says that’s because it's the second time in five years her personal and private information has been compromised at VCU Health System. She says VCU refused to tell her where it happened.
Click to expand...

Log in or Sign up

Why Healthcare Security Matters

guest Guest

ronjor Global Moderator

guest Guest

guest Guest

guest Guest

ronjor Global Moderator

ronjor Global Moderator

guest Guest

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

guest Guest

ronjor Global Moderator

guest Guest

guest Guest

ronjor Global Moderator

guest Guest

ronjor Global Moderator

guest Guest

guest Guest

guest Guest

ronjor Global Moderator

ronjor Global Moderator

guest Guest

guest Guest

Log in or Sign up

Why Healthcare Security Matters

guest Guest

ronjor Global Moderator

guest Guest

guest Guest

guest Guest

ronjor Global Moderator

ronjor Global Moderator

guest Guest

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

guest Guest

ronjor Global Moderator

guest Guest

guest Guest

ronjor Global Moderator

guest Guest

ronjor Global Moderator

guest Guest

guest Guest

guest Guest

ronjor Global Moderator

ronjor Global Moderator

guest Guest

guest Guest

Useful Searches