In 2014, the FBI warned that healthcare systems, including medical devices, were at an increased risk of cyber-attacks due to the unfortunate coupling of poor cybersecurity practices in the healthcare industry with patient health information (PHI) that commands high value on the dark web. This warning has largely been realized. The cost and frequency of
CS Digest Section: Healthcare Security
A key lesson to be learned from this case "is that the Office for Civil Rights can only be pushed so far when a covered entity or business associate is shown to have systemic, management-driven failures in putting into place safeguards to protect its health information," says privacy attorney David Holtzman, vice president at the security consulting firm
An investigation into the Anthem cyberattack “found the identity of the attacker with a high degree of confidence” and “concluded with a medium degree of confidence that the attacker was acting on behalf of a foreign government.”
Protecting medical devices from ever-shifting cybersecurity threats requires an all-out, lifecycle approach that begins with early product development and extends throughout the product’s lifespan.
While more organizations are likely looking for the best options to combat evolving cybersecurity threats, a recent study found that the majority of security professionals are overwhelmed by the amount of cyber threat data that they receive.
In the twelfth HIPAA enforcement action so far this year, federal regulators have smacked St. Joseph Health System with a $2.14 million penalty after investigating a breach that left protected health information of nearly 32,000 individuals exposed to internet searches for more than a year.
Watchdog Report Calls for Expanded Security Guidance, But Some Experts Want New Rule.
But many say lack of financial resources and personnel is hindering better security practices.
Noted data security expert Mac McMillan says healthcare organizations should maintain their enterprises at a high state of readiness.
The research deal between the department and the venerable standards organization will encompass Internet-connected devices, but also the networks on which they're deployed — an "end to end" view.