Healthcare Information Security

Cybersecurity in Healthcare

Health IT Security Weakness Found by ONC Challenge Winner

May 25, 2018 - The Secure API Server Showdown Challenge stage 2 winner, 1upHealth, was able to uncover a health IT security weakness in a Fast Healthcare Interoperability Resources (FHIR) server database, announced the HHS Office of the National Coordinator for Health Information Technology (ONC). ONC sponsored the challenge to engage the health IT industry in identifying FHIR servers that follow industry-wide...


More Articles

PHI Data Security at Risk in Medtronic’s N’Vision Programmer

by Fred Donovan

Medtronic’s N’Vision clinical programmer does not encrypt protected health information (PHI) or personally identifying information (PII) stored on the machine, putting PHI data security at risk to an attacker with physical access...

Ransomware Attack Worries Healthcare IT Pros the Most

by Fred Donovan

A ransomware attack is the type of cyberattack that most worries healthcare IT professionals, according to a survey of 102 HIMSS18 attendees by security firm Imperva. Almost 10 percent of those surveyed had paid a ransom or extortion fee, while...

Older Healthcare OSes Open to Cybersecurity Vulnerabilities

by Fred Donovan

The healthcare industry is the slowest industry in upgrading to Windows 10, meaning that many in healthcare are running older versions of Windows more susceptible to cybersecurity vulnerabilities, according to the latest data from Duo Security....

HITRUST Unveils Certification for NIST Cybersecurity Framework

by Fred Donovan

The Health Information Trust Alliance (HITRUST) launched May 22 a certification program for the NIST Cybersecurity Framework (CSF) that makes it easier for security teams to report on their implementation of the framework to upper management,...

Most Healthcare Workers Admit to Non-Secure Healthcare Data Sharing

by Fred Donovan

Most healthcare workers surveyed admit to non-secure healthcare data sharing using email. A disturbing 87 percent of healthcare workers admit to using non-secure email to send sensitive information, including PHI, according to survey data provided...

Healthcare Least Prepared for Ransomware Attacks, Other Cyberattacks

by Fred Donovan

The healthcare and public health sector is the least prepared of the critical infrastructure industries for ransomware attacks and other types of cyberattacks, according to a recent Pwnie Express survey of 582 IT security professionals . The...

Healthcare Data Security Programs Get Short Shrift in IT Budgets

by Fred Donovan

Healthcare data security programs continue to be underfunded and understaffed, a Black Book Market Research cybersecurity survey of close to 2,500 healthcare security professionals found. Almost all of the respondents agreed that cyberattackers...

ICS-CERT Dings Silex, GE for Wireless Cybersecurity Vulnerabilities

by Fred Donovan

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an advisory May 8 warning about cybersecurity vulnerabilities in wireless medical equipment made by Silex Technology and GE Healthcare. The vulnerabilities—improper...

Philips CT Scanner Cybersecurity Vulnerabilities Pose PHI Risk

by Fred Donovan

Cybersecurity vulnerabilities in Philips Brilliance CT scanners could be exploited by an attacker to steal protected health information (PHI) and other sensitive data files, warned the Industrial Control Systems Cyber Emergency Response Team...

UnityPoint Allegedly Mishandled Healthcare Data Breach

by Fred Donovan

UnityPoint Health delayed reporting a healthcare data breach, incorrectly told affected patients that their Social Security numbers were not part of the breach, and declined to compensate victims for damage to their credit from the breach, charged...

1.13M Records Exposed by 110 Healthcare Data Breaches in Q1 2018

by Fred Donovan

Around 1.13 million patient records were compromised in 110 healthcare data breaches in the first quarter of 2018, according to data released May 3 in the Protenus Breach Barometer. Healthcare insiders were most likely to snoop on family members—a...

5 Critical Healthcare Data Security Implementations for Providers

by Bill Kleyman

I get the chance to work with smaller clinics and very large healthcare providers. If you hide the name and the size of the organization, many of them share very similar security concerns. The good news is that innovation in the healthcare data...

Healthcare Industry Takes Brunt of Ransomware Attacks

by Fred Donovan

The healthcare industry is taking the lion’s share of ransomware attacks, according to a threat report released May 1 by endpoint security firm Cylance. Ransomware attacks grew three-fold last year, with healthcare being affected the most...

Scenic Bluffs’ Healthcare Data Breach Could Affect 2,889

by Fred Donovan

Wisconsin-based Scenic Bluffs Community Health Centers said that it experienced a healthcare data breach in which attackers gained access to a staff member’s email and may have stolen information on 2,889 patients, according to a press...

SamSam Ransomware Attacks Focus on Victims Who Will Pay Up

by Fred Donovan

Cybercriminals carrying out SamSam ransomware attacks, which have been identified by HHS as posing a significant threat to healthcare organizations this year, focus on victims that are most likely to pay to get their data back, such as hospitals,...

BD Medical Gear Suffers from Wi-Fi Cybersecurity Vulnerabilities

by Fred Donovan

Certain BD Pyxis medication and supply management products that connect to Wi-Fi have cybersecurity vulnerabilities that open them up to a key reinstallation attack (KRACK) in which an attacker could access, read, and manipulate encrypted data,...

Does Quantum Computing Threaten Healthcare Data Security?

by Fred Donovan

While some in healthcare see quantum computing as a way to harness big data to improve healthcare diagnostics and drug development, others see it as a threat to healthcare data security. Last year, IBM launched an initiative, IBM Q, to bring...

House Wants Advice on Easing Device Cybersecurity Vulnerabilities

by Fred Donovan

The House Energy and Commerce Committee wants public input on how to reduce cybersecurity vulnerabilities in legacy healthcare IT systems and medical devices. Citing the 2017 WannaCry ransomware attack that exploited a flaw in a 30-year software...

Orangeworm Jeopardizes Healthcare Data Security at Large Firms

by Fred Donovan

A new cyber group called Orangeworm is undermining healthcare data security at large firms using malware known as Trojan.Kwampirs to gain remote access to compromised computers, warned security firm Symantec in a new report released April 23....

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks