Skip to main content

Privacy & Security

Privacy & Security
By Diana Manos | 10:35 am | November 19, 2018
Here’s a look at what security experts think about the controversial issue.
Revenue Cycle
By HIMSS TV | 10:32 am | November 19, 2018
Focus on business value, such as lowering costs, improving productivity, and increasing revenue when trying to get executive buy-in for cybersecurity funding, says Shakira Brown, CEO of SMB Strategic Media. 
Privacy & Security
By Diana Manos | 10:59 am | November 16, 2018
While the number of overall data breaches is down, incidents involving 100 million or more records continue to be a concern, a new report found.
Privacy & Security
By Mike Miliard | 01:11 pm | November 15, 2018
Informatics group said the blurring lines between consumer and medical information systems demands privacy policies relevant to both sides.
Privacy & Security
By Diana Manos | 10:06 am | November 15, 2018
HHS said it is looking to remove regulatory barriers to health information sharing and the plan just took a first step.
IT Infrastructure
By HIMSS TV | 03:49 pm | November 14, 2018
Christiana Care Health System CISO Anahi Santiago discusses why hospitals have to invest in security tools to stay ahead of cyberthreats, but that it's just as important to focus on people and process as it is on technology.
By HIMSS TV | 01:23 pm | November 13, 2018
Sentara Health VP and CISO Dan Bowden discusses how hospitals are  preparing for consumerism and value-based care by building apps and tools in the cloud.
Artificial Intelligent
By Laura Lovett | 12:47 pm | November 12, 2018
Privacy & Security
01:11 pm | November 08, 2018
Last year’s WannaCry ransomware attack on the UK health service did more than expose weaknesses in healthcare cyber resilience – it also highlighted weaknesses in emergency responses to healthcare cyber attacks. Speaking at the recent HIMSS AsiaPac18 in Brisbane, Extreme Networks Healthcare Solutions Director Bob Zemke said a key lesson from the May 2017 attack was the importance of not just defending against risks, but of also having defined response plans when systems are compromised. The WannaCry attack hit more than 200,000 computers in over 100 countries, costing the UK’s NHS alone an estimated £92 million, exploiting a flaw in older Microsoft Windows operating systems, such as unpatched Win7 and Server 2008. “It started hitting any device with Windows hidden in the back of their systems, even the parking meters,” Zemke said. “It created a fear and response that was not based on logic. Instead, the response was to shut down as many systems as possible to prevent the infection from spreading.” Webinar: What Most Computer Security Defenses are Doing Wrong, and How to Fix It At many UK hospitals, this included shutting down the internal telephone system, even though it was not Windows-based. “We saw nurses actually notifying the media that the comms systems were taken offline,” he said. “Shutting off the systems created more panic and frustration in the clinical community. And then they went right to the media to voice their frustration and that made the situation even more of a pressure maker.”  Zemke said what is needed is a strategy for every connected device in a hospital, covering key questions such as: What is it? What does it do? What is the risk if the system goes offline? What are its normal activities and patterns of online communication? Does it need to talk to other systems? Is the device patchable or have you been instructed by the manufacturers to not apply operating system patches? “New security challenges will always arise – that's the world we live in,” he said.  “But the process and procedures we put in place ahead of time will allow us to then adequately and formally respond when an event takes place.” Zemke said better communication between clinical departments and the IT team was essential, including defining departmental liaisons and reporting structures, and response plans when events occur. It was also crucial to remember that many threats to connected systems do not emerge from outside. “Ten years ago when we looked at connected medical devices, we believed the idea that a firewall would protect them from the outside world,” Zemke said.  “We thought the vulnerabilities and threats were coming from outside hospital but what we found was we had more issues with just misconfigurations by vendors of devices operating in the same environment, rather than malicious attacks coming from the outside.” Originally published on Healthcare IT News Australia.
Privacy & Security
By Jessica Davis | 04:59 pm | November 05, 2018
The Attorney General also banned the former business associate of Virtua Medical Group from doing business in the state for accidentally uploading 1,654 patient files to an FTP server left open to the public.