Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Healthcare Online User Group
Showing posts tagged with Critical System Protection
Showing posts in English
Axel Wirth | 23 Oct 2014 | 1 comment

Like with my previous post on this topic, I am using a quote from one of the presenters to report on Day 2 of the public FDA workshop on “Collaborative Approaches for Medical Device and Healthcare Cybersecurity”. And like with my previous post, this quote is a good indicator of the spirit of the day. It is time to move - and we are.

It was reported that the workshop had 200 registrants, requiring the creation of an overflow room, and that Day 1 drew 1100 remote participants!

In his opening keynote Michael Daniel, Special Assistant to the president and White House Cybersecurity Coordinator, called cybersecurity one of the defining challenges of the 21st century and referred to it as a “wicked” problem (drawing applause from the Bostonians in the audience) due to its complex nature: technical, scientific, economical, political, and human. He pointed out that we don’t really...

Axel Wirth | 21 Oct 2014 | 0 comments

The title is probably a good quote to reflect the spirit of the first day of the public workshop on “Collaborative Approaches for Medical Device and Healthcare Cybersecurity”, jointly hosted by the Food and Drug Administration (FDA), Department of Homeland Security (DHS) and Health and Human Services (HHS).

The number one takeaway from today is the unprecedented collaborative spirit across all stakeholders. Not only the government agencies hosting the event, but across healthcare providers, medical device manufacturers, and security experts. Numerous discussion panels and plenty of audience participation made one thing clear: everybody recognizes the need to address the problem of medical device cyber-vulnerability and everybody is willing to let their guard down and constructively contribute to the solution.

As discussions revealed, the problem is complex and the solution will need to combine technical, procedural, workflow, regulatory, legal, and policy...

Axel Wirth | 26 Aug 2014 | 0 comments

Why this post?

Over the past few months we have seen a number of reports on breaches of healthcare organizations and medical device manufacturers where the suspected or documented target was intellectual property data related to medical devices.  Some of these recent cases have received wide press coverage.

As a result, the FBI has issued a warning to US healthcare companies that they may be the target of further cyberattacks (FBI warns healthcare firms they are targeted by hackers). The document indicated that several companies in the sector had been targeted and intellectual property, rather than personal data or PHI, may be the main target of the attacks.

"These actors have also been seen targeting multiple companies in the healthcare and medical device industry typically targeting valuable intellectual property...

Axel Wirth | 14 Jul 2014 | 0 comments

In cooperation with the ECRI Institute, AAMI (Association for the Advancement of Medical Instrumentation) just published their 2014 report on  "Executive Insights on Healthcare Technology Safety”.  Cybersecurity of Medical Devices came in as one of the top five identified technology risks! The full report can be found here: http://www.aami.org/aami-ecri/Tech%20Trends%202014.pdf 

Specifically, the report advises healthcare delivery organizations and manufacturers to take cybersecurity seriously as they are building their integrated networks of medical devices by, for example, performing security assessments. Further, they need to realize that “doing this the right way requires huge amounts of resources to test and secure the networks and devices before deployment”.

The report states that the security failures in healthcare are mistakes of a long gone era in other verticals, concluding...

Axel Wirth | 09 Apr 2014 | 0 comments

As far as TV shows are concerned, there are a number of them which my now grown kids and us, the parents, equally enjoy; for example most recently Breaking Bad. But then there are some, where … well, let me phrase it politely, the older generation does not quite see eye to eye with the younger. The Walking Dead would fall into that category; I am definitely not getting the point.

Or maybe it is that I am dealing with too many Walking Dead, meaning ugly things you just can’t kill, during my day job? And as of today, there is another one to add to that list – the official end of support of Windows XP. And a big one that is.

After 12 years in the market, Windows XP certainly is established well and, not surprisingly, its end does not come easy:

  • According to a CNN Money article from March, 95% of bank ATMs are running on Windows XP (although other articles have placed the number somewhat lower at 60% or 75%, respectively, but still).
  • The total number...
David Finn | 11 Feb 2014 | 0 comments

One of the great things about being the Health IT Officer at a big security firm is that no one really knows what you do.  I get to slip quietly back and forth between customers who are dealing with the reality, to sales teams, or to product teams and to marketers, to Symantec partners (both real and imagined), to software and hardware vendors and to industry associations.  It gives you a bigger view of what is going on.  And it is impossible to think of the bigger picture in Health IT without thinking of HIMSS Annual Conference.  And it is never bigger than when it is in Orlando!

Recently I got some information from HIMSS regarding the upcoming HIMSS14 and topics that attendees will be focused on.  They had a great infographic that included a section showing what topics people would be looking for at HIMSS.  All the usual suspects were there:  MU, ICD-10, Analytics, HIE, mHealth, Interoperability, EHR, Privacy and Security . . . ...

Axel Wirth | 21 Jan 2014 | 1 comment

Yahoo!7 News Australia just published a noteworthy article: "Cyber attacks: pharmacies, patient records targeted 'ransomware' attacks" (17-Jan-2014), highlighting a worrisome trend of using Ransomware to specifically attack medical institutions, encrypt critical data (pharmacy records in this case) in place and demand a ransom in exchange for the encryption key.

Although we have seen these types of attacks before (Express Script, 2008; Virginia Health Professions Database, 2009; or Surgeons...

Axel Wirth | 11 Nov 2013 | 0 comments

Granted, there are easier to decipher acronyms than the one describing the Manufacturer Disclosure Statement for Medical Device Security, short MDS2. The initial version was developed in 2008 through a cooperation of NEMA (National Electrical Manufacturers Association) and HIMSS’ (Health Information and Management Systems Society) Medical Device Security Task Force, in collaboration with multiple industry associations, government agencies and other stakeholders. It provided a basic, 3-page form allowing medical device manufacturers to describe to their customers, i.e. the hospitals, the basic security and privacy properties of a specific medical device; things like the operating system and version, type of network connection, the ability of the operator to install antivirus software, or what PHI (Protected Health Information) is stored on the device and whether it is transient or permanent.

Although the form fulfilled its purpose, there was also some criticism on this...

David Finn | 29 Oct 2012 | 1 comment

The demand for professionals to fill health IT jobs continues, as noted in this recent article, in AllVoices: ”The U.S. Department of Labor has earmarked both healthcare and information technology as two job sectors that are expected to show real growth in the next few years, but when the two are combined, the job prospects soar.” I asked one of our HIMSS e-Executive Mentors and former HIMSS Board member, David Finn, to share his perspective on the health IT job market.  It all comes down to leadership . . . my comments can be found on the HIMSS Blog at:

http://blog.himss.org/2012/10/26/health-it-jobs-a-...

David Finn | 03 Apr 2012 | 0 comments

At the Jefferson Memorial you find a lot of Jefferson’s writings - - as opposed to Lincoln’s, for example (one thing that makes sense in Washington, DC).  One of them says this:  “I am not an advocate for frequent changes in laws and constitutions, but laws and institutions must go hand in hand with the progress of the human mind.” 

One of my very first IT assignments was to write the coding standards for a major university - - we did all our own development at that time and were about to completely re-do all major systems (billing, collections, records and registration, scheduling, grading - - everything).  My writing experience had previously been journalistic or for the theatre.  So, I started asking people who had more experience.  First stop was a very senior manager who pointed to two shelves full of three inch, three ring binders on his bookshelf.  “Here’s a good example,” he said, “of...