Healthcare Information Security

Healthcare IT Security

Cybersecurity Vulnerabilities Flagged in Roche Handheld Devices

November 7, 2018 - ICS-CERT is warning about cybersecurity vulnerabilities in Roche point-of-care handheld medical devices. The devices, which go by the names Accu-Chek and CoaguChek, suffer from improper authentication, OS command injection, unrestricted upload of file with dangerous type, and improper access control vulnerabilities. The improper authentication vulnerability could enable attackers in...


More Articles

Many IT Pros Lack Budget for Connected Medical Device Security

by Fred Donovan

A disturbing 41 percent of healthcare IT professionals do not have a separate or sufficient budget for connected medical device security, according to a recent survey by Propeller Insights on behalf of Zingbox. Despite this lack of...

Healthcare Makes Up One-Quarter of SamSam Ransomware Attacks

by Fred Donovan

Healthcare organizations have accounted for one-quarter of SamSam ransomware attack victims so far this year, said security firm Symantec in a recent blog post. In total, 67 different organizations across sectors have been...

Only 29% of Healthcare Entities Have Full Cybersecurity Program

by Fred Donovan

Only 29 percent of healthcare organizations report having a comprehensive cybersecurity program in place, according to the 2018 CHIME HealthCare’s Most Wired survey released this week. Among those organizations that don’t have...

Healthcare Continues To Bear the Brunt of Ransomware Attacks

by Fred Donovan

Healthcare remains the industry most targeted by ransomware attacks, which spiked in the third quarter of 2018, according to the latest data from specialist insurer Beazley. Ransom demands in the most sophisticated type of breaches also...

HHS Opens Healthcare Cybersecurity Center To Aid Private Sector

by Fred Donovan

HHS has opened its Health Sector Cybersecurity Coordination Center (HC3), which will be a healthcare cybersecurity threat analysis and incident response partner to the private sector. HC3 replaces the Healthcare Cybersecurity and...

Server Configuration Is Top Healthcare Software Vulnerability

by Fred Donovan

Server configuration is the top healthcare software vulnerability, followed by information leakage and cryptographic issues, according to Veracode’s State of Software Security (SOSS) study. Other top vulnerabilities for...

CISOs Need to Be Both Healthcare IT Security and Business Experts

by Fred Donovan

CISOs need to be business experts as well as healthcare IT security experts, observed University of Chicago Medicine VP and CIO Heather Nelson during her Oct. 19 keynote address at the Safeguarding Health Information: Building Assurance...

Healthcare Organizations Struggle with Vendor IT Security Risks

by Fred Donovan

BOSTON – Healthcare organizations have a range of approaches for assessing and managing the IT security risks posed by third-party vendors, one of the biggest sources of frustration for security teams. St. Luke’s Health System...

SRA Tool 3.0 Expands Application to More Health Data Security Risks

by Fred Donovan

OCR and ONC have updated their security risk assessment (SRA) tool (3.0) to improve usability and expand its application to a broader range of health data security risks. The agencies developed the tool to help small to medium-sized...

Risk Posed By 3rd-Party Services Is Big Healthcare Security Worry

by Fred Donovan

BOSTON—Security risks posed by integration of third-party patient services will be an ongoing healthcare security concern for organizations, commented Johns Hopkins University and Medicine CISO Darren Lacey during a panel...

FDA’s Cybersecurity Unit Would Set Up CyberMed Safety Board

by Fred Donovan

The FDA’s proposed cybersecurity unit would help establish the public-private CyberMed Safety Board mentioned in the FDA's medical device safety action plan issued in April, FDA spokeswoman Stephanie Caccomo recently told...

MGH Study Finds Major Increase in US Healthcare Data Breaches

by Fred Donovan

Since 2010, the total number of healthcare data breaches has increased steadily every year — except in 2015 — from 199 in 2010 to 344 in 2017, according to an analysis of US health care data conducted by two Massachusetts...

Healthcare Lags Other Industries in Phishing Attack Resiliency Rate

by Fred Donovan

Healthcare trails other major industries in its phishing attack resiliency rate, which measures the ratio between people who report a phish versus those who fall victim to one, according to a report released Sept. 17 by Cofense. The...

FDA Expects Updated Medical Device Security Guidance This Fall

by Fred Donovan

The FDA plans to update its premarket guidance for medical device security this fall, said FDA Commissioner Scott Gottlieb during a Sept. 5 speech to the Medical Device Innovation Consortium 2018 Annual Public Forum. The guidance will...

Healthcare Data Presents Lucrative Target for Cyberattackers

by Fred Donovan

The healthcare sector will remain one of the industries most targeted by cyberattackers because of its valuable healthcare data, judged a report published Sept. 6 by Marsh & McLennan Companies' Global Risk Center. In fact, more...

CISOs Unite To Improve IT Security in Healthcare Supply Chain

by Fred Donovan

Healthcare CISOs have set up a council to develop, recommend, and promote security best practices to bolster IT security throughout the healthcare supply chain. Founding members of the Provider Third Party Risk Management Council include...

Few Execs Believe Healthcare IT Security Tech Will Be Disruptive

by Fred Donovan

Only 7 percent of executives surveyed by Reaction Data believe that healthcare IT security technology will have a significant disruptive impact on healthcare. Twenty-nine percent said that telemedicine will be the biggest disruptor, 20...

Cybercriminals Using Innovative GandCrab for Ransomware Attacks

by Fred Donovan

Over the last few months, cybercriminals have begun using the innovative GandCrab ransomware for their ransomware attacks, according to Fortinet’s Threat Landscape Report Q2 2018. GandCrab is the first ransomware to accept Dash...

Philips Delays Fix for Cardiograph Cybersecurity Vulnerabilities

by Fred Donovan

Philips does not intend to fix cybersecurity vulnerabilities in its PageWriter Cardiograph devices, which could allow attackers to modify settings on the devices, until mid-year 2019, according to an August 16 advisory from...
