WannaCry
See the following -
Sidelined HHS Deputy Chief Information Security Officer blasts agency, claims cybersecurity center 'decimated'
After being abruptly placed on admin leave, Leo Scanlon opens up about his 150-day leave, “dirty politics,” and what it means for the future of the HCCIC cybersecurity initiative...HHS’ HCCIC had overwhelming support from Congress and industry leaders when it launched as part of a partnership with the National Health Information Sharing and Analysis Center (NH-ISAC). It was designed to take a leadership role facilitating threat intelligence and other cybersecurity related information sharing and, in fact, played a pivotal role in fighting the global WannaCry attack in June of 2017.
- Login to post comments
HHS cybersecurity center so unstable staff don't know if it exists, Congress argues
The Senate HELP and House Energy and Committees are highly concerned about the U.S. Department of Health and Human Services’ cybersecurity plan, preparedness and the lack of leadership of its Healthcare Cybersecurity and Communications Integration Center -- and is demanding answers from HHS Secretary Alex Azar. The bipartisan letter to Azar outlines a laundry list of issues at HHS when it comes to its security plan. Among them, includes the temporary reassignment of two senior HCCIC officials in charge of the day-to-day operations.
- Login to post comments
HHS Emergency Update 2 - International Cyber Threat to Healthcare Organizations
[The HHS Office of the Assistant Secretary for Preparedness and Response] held our sector call today with over 1800 participants. The information below is responsive to several requests for information noted on the call. In addition, we would like to flag for the community that a partner noted an exploitative social engineering activity whereby an individual called a hospital claiming to be from Microsoft and offering support if given access to their servers. It is likely that malicious actors will try and take advantage of the current situation in similar ways. Additionally, we received anecdotal notices of medical device ransomware infection. Please note the directions below.
- Login to post comments
HIMSS19: Open Source Software for Disaster Preparedness and Response
Although not officially listed as a track at the HIMSS19 conference, there are a series of very important presentations on the use of open source software for disaster preparedness and response. This is a critical topic that we have covered extensively in Open Health News. As we detailed in this article, there was a major failure in being able to provide victims of Hurricane Harvey, as well as Hurricane Irma and Hurricane Maria with access to their medical records. Few emergency medical responders could access their records either. The two success stories that came out of the hurricanes were two open source electronic health record (EHR) systems, OpenEMR and the VA's open source VistA EHR.
- The Future Is Open
- Login to post comments
How Cyber Hardening Can Protect Patient Privacy And Treatment
The abundance of internet-connected devices that collect and share patient data has greatly increased the “attack surface” (where an attacker inserts or extracts data) and number of possible vulnerabilities within a system. Now that medical devices can connect to home-based routers, public Wi-Fi or cellular networks to relay data to hospitals, specialists, and care providers. In addition, the software in those devices lacks cybersecurity and can be updated and reprogrammed remotely. Thus, sensitive patient information is even more prone to data breaches, and the safety of the devices can be compromised. Recent supply chain compromises, and the migration of health applications and platforms to the cloud, also add to the threat equation. This article looks at why the medical community is so vulnerable and suggests how it can better protect life-saving equipment and sensitive data from unprecedented cyberattacks.
- Login to post comments
Petya: The Poison Behind the Latest Ransomware Attack
First thing is first: If you're running Windows, patch your systems! The latest variant of Petya, GoldenEye, can attack if, and only if, one of your Windows PCs still hasn't been patched with Microsoft's March MS17-010. Microsoft thought patching this bug was important enough that it even patched it on its unsupported Windows XP operating system...
- Login to post comments
Securing Health Data Means Going Well Beyond HIPAA
A two-decade-old law designed to protect patients’ privacy may be preventing health care organizations from doing more to protect vulnerable health care data from theft or abuse. The Health Insurance Portability and Accountability Act (HIPAA) established strict rules for how health data can be stored and shared. But in making health care providers vigilant about privacy protection, HIPAA may inadvertently distract providers from focusing on something just as important: overall information security...
- Login to post comments
Healthcare IT & Analytics Summit 2018
The Healthcare IT & Analytics Summit is a gathering for C-Suite & Industry Thought Leaders to discuss IT, Data & Analytics, and cybersecurity challenges currently facing the healthcare industry. We will examine such issues as patient care, controlling costs, improving reimbursements, securing patient and data privacy, and transforming data into actionable information to make smarter business and clinical decisions.
- Login to post comments