HEALTHCARE INFOSECURITY NEWSLETTER

August 2017

Healthcare is Turning a Corner on Cyber Security, New HIMSS Research Shows

Tom Sullivan, healthcareitnews.com, August 10, 2017

Despite the consensus that healthcare is widely underprepared for protecting patient data, more and more hospitals are making cybersecurity a significant clinical and business necessity than in the past.

Read More

A Pen Tester’s Perspective on Petya Ransomware

Noah Powers, deltarisk.com, July 26, 2017

There’s no shortage of analysis on the Petya ransomware strain that struck organizations across the globe in the past month. You can find blog posts and articles covering practically every angle – from the machine language nuances of the code, to the length of the encryption key, to the possible nationality of the code writer.

Read More

Could Cybercriminals Be on the Verge of Executing a New, Terrible Type of Attack on Healthcare?

Mark Hagland, healthcare-informatics.com, July 31, 2017

An excellent “Perspective” op-ed article published online earlier this month in The New England Journal of Medicine is bringing forward for industry leaders to consider, a very important and alarming new possibility around data breaches involving PHI (protected health information). Could criminal hackers actually tamper with critical clinical information contained within electronic health records (EHRs), to the potential devastation of patients?

Read More

Massive Healthcare Fraud Takedown Sees 412 Charged for $1.3 Billion in Fraudulent Billings

HIPAA Journal Staff, hipaajournal.com, July 19, 2017

Last week, the United States Department of Justice announced the largest healthcare fraud action to date. 412 individuals were charged, including 115 doctors, nurses and other medical professionals for their roles in healthcare fraud schemes. 120 doctors and other medical professionals were charged for prescribing opioids and other dangerous narcotics.

Read More

What We Learned From the 2017 National Insider Threat Symposium and Expo

Devesh Panchwagh, deltarisk.com, July 21, 2017

The 2017 National Insider Threat Symposium and Expo, hosted by the National Insider Threat Special Interest Group (NITSIG), put the spotlight on insider threat detection, behavior patterns, program development, law enforcement, legal ramifications, and future challenges. The one-day event consisted of speakers from a mix of backgrounds, including insider threat risk mitigation experts, private sector business professionals, and U.S. government and defense contract thought leaders.

Read More

Hackers and Hospitals: An Infographic on Medical Device Security

Medium Staff, medium.com, August 4, 2017

Of all of the connections brought about by the Internet of Things, nothing is more frightening than the notion of an unsecured medical device. The magnitude of risk associated with medical devices and the Internet of Things is a gripping proposition with 67% of medical device makers expecting an attack on their devices while only 17% taking measures to prevent an attack, according to Ponemon.

Read More

In a Ransom DDoS Attack, It Doesn’t Pay to Pay

Pymnts Staff, pymnts.com, August 4, 2017

The distributed denial-of-service (DDoS) attack has made a massive resurgence in Q2, particularly Ransom DDoS, or RDoS. In an RDoS attack, cybercriminals threaten to launch a DDoS attack on a victim’s critically important online resources if they don’t pay up. The threat is often accompanied by a smaller-scale DDoS attack to demonstrate that the criminal means business.

Read More

Beware of These Top 10 Phishing Emails. Would You Fall for Them?

Robert Hackett, fortune.com, July 13, 2017

One hazard of being a cybersecurity reporter is that attackers send phishing emails to my inbox on a daily basis. If you don’t believe me, ask the security team at Time Inc., Fortune’s parent company.

Read More

Children Especially Vulnerable to Cybersecurity Attacks in Health Care

AAP Division of Quality, aappublications.org, July 20, 2017

As electronic options to provide and access patient health information increase, so too can opportunities for hackers to steal that information or hold it hostage if medical professionals do not maintain and upgrade their cybersecurity .

Read More