Skip to main content

Privacy & Security

By Nathan Eddy | 12:00 pm | July 24, 2019
But a study from IBM Security and the Ponemon Institute finds that orgs with a solid incident response plan had $1.23 million less in breach costs than those that didn't.
By Mike Miliard | 12:04 pm | July 23, 2019
The groups urge the Senate to follow the House's lead and finally lift the ban on federal funding for a nationwide unique patient identifier, making the case that it can help avoid serious safety risks due to matching errors.
Workforce Development
By Nathan Eddy | 12:09 pm | July 22, 2019
And that's because too many board members don't have the right level of IT and security expertise, a new Black Book study suggests.
By Cara Dartnell-Steinberg | 12:06 pm | July 17, 2019
Responding to an answer in parliament by a junior health minister, Labour’s Shadow Cabinet Office Minister Jo Platt warned the government of the dangers of the 2,300 NHS computers thatstill run on Windows XP.
By HIMSS TV | 10:47 am | July 17, 2019
Dan Bowden, CISO, and Michael Reagin, CIO of Sentara Healthcare, see big advances in cloud security – with a deeper understanding of the configurations needed for data privacy in the public cloud.
By Tammy Lovell | 04:31 am | July 15, 2019
GE Healthcare says its anaesthetic machines pose no patient risk, after concerns that the devices could be tampered with by hackers. Cybersecurity firm, CyberMDX, flagged a vulnerability related to the GE Aestiva and GE Aespire 7100 and 7900 devices, that could allow hackers to alter the amount of anaesthetic delivered to patients and silence alarms which indicate danger. According to researchers, if a machine was connected to a hospital’s networks via terminal servers, an attacker could remotely modify its parameters by forcing the device to revert to a less secure version of the communication protocol. But Hannah Huntly, global external affairs manager for GE Healthcare, said its investigation found there was no clinical hazard or direct patient risk. “There is no vulnerability with the anaesthesia device itself, and we generally recommend that anaesthesia devices not be connected to a network,” she said. The Royal College of Anaesthetists (RCoA) also stated there was no reason to panic over use of the devices. “In the unlikely situation where hacking of a single device may take place, patients should be reassured that their anaesthetist will be monitoring them constantly and will have received many years of training to rectify immediately the situation of a device failure,” said RCoA council member, Dr Helgi Johansson. WHY IT MATTERS Fears were raised that patients could be put at risk in NHS hospital trusts using the devices.   “We’re currently assessing the volume of these particular anaesthetic machines in use across England and will be sharing any subsequent advice with trusts in the coming days,” an NHS Digital spokesperson said. The Medicines and Healthcare products Regulatory Agency said it is working with the manufacturer and the Association of Anaesthetists of Great Britain and Ireland, to establish the effects of any vulnerability. THE LARGER TREND In May 2017 the WannaCry ransomware attack severely disrupted more than 80 NHS hospital trusts causing 19,000 patient appointments to be cancelled. A recent report by the Institute of Global Health Innovation at Imperial College London, led by Lord Ara Darzi, called for investment in cyber-security to be prioritised to prevent the NHS being a “vulnerable target” for hackers. ON THE RECORD Axel Wirth, distinguished healthcare architect at US software company, Symantec Corporation, told Healthcare IT News: “Although a vulnerability may be exploitable when I have the device in front of me with full access to it, it doesn’t mean that under normal use an attacker could execute the same attack. “I don’t want to downplay the problem - medical device cybersecurity is an issue that has been ignored too long, but I also don’t think we need to panic. I advise proceeding with a sense of urgency, yet in a planned and coordinated approach.”  
By Mike Miliard | 04:46 pm | July 12, 2019
Virtustream Healthcare Cloud helped the North Carolina-based health system "future-proof" its IT system by moving mission-critical data to its hosting service.
By HIMSS TV | 01:42 pm | July 12, 2019
Julio Vivero, business partner at GMV, says medical devices and data privacy are two huge cybersecurity issues the healthcare industry is facing, and a one-size-fits-all approach is not the solution.
By Benjamin Harris | 01:36 pm | July 11, 2019
More than half of hospitals say they've had one or more data breaches caused by third-party vendors in the past two years, with an average cost of $2.9 million per incident – but too many are still failing to do adequate risk assessments.
By Bill Siwicki | 12:24 pm | July 11, 2019
The vendor’s event management technology is designed for monitoring threats to healthcare organizations and comes with built-in connectors for major healthcare applications such as Epic and Cerner.