Healthcare Online User Group
Axel Wirth | 23 Oct 2014 | 0 comments

Like with my previous post on this topic, I am using a quote from one of the presenters to report on Day 2 of the public FDA workshop on “Collaborative Approaches for Medical Device and Healthcare Cybersecurity”. And like with my previous post, this quote is a good indicator of the spirit of the day. It is time to move - and we are.

It was reported that the workshop had 200 registrants, requiring the creation of an overflow room, and that Day 1 drew 1100 remote participants!

In his opening keynote, Michael Daniel, Special Assistant to the President and White House Cybersecurity Coordinator, called cybersecurity one of the defining challenges of the 21st century and referred to it as a “wicked” problem (drawing applause from the Bostonians in the audience) due to its complex nature: technical, scientific, economical, political, and human. He pointed out that we don’t really...

Axel Wirth | 21 Oct 2014 | 0 comments

The title is probably a good quote to reflect the spirit of the first day of the public workshop on “Collaborative Approaches for Medical Device and Healthcare Cybersecurity”, jointly hosted by the Food and Drug Administration (FDA), Department of Homeland Security (DHS) and Health and Human Services (HHS).

The number one takeaway from today is the unprecedented collaborative spirit across all stakeholders. Not only the government agencies hosting the event, but across healthcare providers, medical device manufacturers, and security experts. Numerous discussion panels and plenty of audience participation made one thing clear: everybody recognizes the need to address the problem of medical device cyber-vulnerability and everybody is willing to let their guard down and constructively contribute to the solution.

As discussions revealed, the problem is complex and the solution will need to combine technical, procedural, workflow, regulatory, legal, and policy...

Axel Wirth | 02 Oct 2014 | 0 comments

On Oct. 1st, the FDA released final guidance on “Content of Premarket Submission for Management of Cybersecurity in Medical Devices.” The document had previously been published as a draft version (June 2013); after public comment, this final version has been issued. Symantec had submitted review comments and we applaud the FDA on finalizing this important document.

What does the document address?

Overall, the FDA maintained the approach of the initial draft, laying out how manufacturers should consider cybersecurity in the design of network-connected medical devices and that they should make cybersecurity documentation a part of their premarket submission. The document has become more specific in some areas, for example by referencing a list of FDA-recognized standards, but also by specifically referring to patient safety as one of the main drivers behind this guidance.
...
Axel Wirth | 26 Aug 2014 | 0 comments

Why this post?

Over the past few months we have seen a number of reports on breaches of healthcare organizations and medical device manufacturers where the suspected or documented target was intellectual property data related to medical devices.  Some of these recent cases have received wide press coverage.

As a result, the FBI has issued a warning to US healthcare companies that they may be the target of further cyberattacks (FBI warns healthcare firms they are targeted by hackers). The document indicated that several companies in the sector had been targeted and intellectual property, rather than personal data or PHI, may be the main target of the attacks.

"These actors have also been seen targeting multiple companies in the healthcare and medical device industry typically targeting valuable intellectual property...

Karalee Serra | 13 Aug 2014 | 0 comments

What’s an efficient, cost-effective strategy for 24×7 IT security monitoring? A leading New Jersey-based hospital conducted a rigorous six-month analysis of options. See why they concluded that Symantec Managed Security Services was “hands-down” better than their competition, and decided to outsource. For the full case study >> http://bit.ly/1p3413I

Axel Wirth | 14 Jul 2014 | 0 comments

In cooperation with the ECRI Institute, AAMI (Association for the Advancement of Medical Instrumentation) just published their 2014 report on “Executive Insights on Healthcare Technology Safety”. Cybersecurity of Medical Devices came in as one of the top five identified technology risks! The full report can be found here: http://www.aami.org/aami-ecri/Tech%20Trends%202014.pdf

Specifically, the report advises healthcare delivery organizations and manufacturers to take cybersecurity seriously as they are building their integrated networks of medical devices by, for example, performing security assessments. Further, they need to realize that “doing this the right way requires huge amounts of resources to test and secure the networks and devices before deployment”.

The report states that the security failures in healthcare are mistakes of a long gone era in other verticals, concluding...

Karalee Serra | 06 Jun 2014 | 0 comments
Increasingly, medical devices are being networked to improve efficiency, enhance clinical value, and support patient safety initiatives. Yet, this increasing integration results in higher exposure to cyber threats like hacker attacks and malware, and increasingly creates dependency and reliance on the complex interaction of all components. 
 
It is, in a sense, a “system of systems” problem and hospitals’ BioMedical Engineering and IT Departments are challenged to protect this complex and critical part of their infrastructure against an exponentially growing and increasingly sophisticated threat landscape.
 
In this webinar, you will:
  • Develop an understanding of the underlying and complex medical device cybersecurity challenges we are facing
  • Learn how to minimize risks
  • Be introduced to available best practices and resources. 

...

Axel Wirth | 09 Apr 2014 | 0 comments

As far as TV shows are concerned, there are a number of them which my now-grown kids and we, the parents, equally enjoy; for example, most recently, Breaking Bad. But then there are some where … well, let me phrase it politely, the older generation does not quite see eye to eye with the younger. The Walking Dead would fall into that category; I am definitely not getting the point.

Or maybe it is that I am dealing with too many Walking Dead, meaning ugly things you just can’t kill, during my day job? And as of today, there is another one to add to that list – the official end of support of Windows XP. And a big one that is.

After 12 years in the market, Windows XP certainly is established well and, not surprisingly, its end does not come easy:

  • According to a CNN Money article from March, 95% of bank ATMs are running on Windows XP (although other articles have placed the number somewhat lower at 60% or 75%, respectively, but still).
  • The total number...
David Finn | 13 Feb 2014 | 4 comments

After a few years out of the provider space and working at one of the largest information security firms, I have the luxury of time and distance to think about some of the issues that providers struggle with from a different perspective. Lately one of the things that I’ve been thinking about has been coming up in conversations with hospital CIOs/CISOs/CTOs, and most recently a large EMR vendor’s Security Architect:

Why is healthcare so bad at IT Risk Management?

Good question.  And I certainly have my opinions about that.  Last fall I moderated a panel on post-Omnibus security and I got to ask some current and active practitioners (a healthcare security consultant, a long-time healthcare attorney, and a sitting CISO from a multi-hospital system) that very question.

It was the liveliest part of the hour-and-a-half panel, and while we finally had to shift topics, it certainly took up the most time and could’ve taken up more....

David Finn | 11 Feb 2014 | 0 comments

One of the great things about being the Health IT Officer at a big security firm is that no one really knows what you do.  I get to slip quietly back and forth between customers who are dealing with the reality, to sales teams, or to product teams and to marketers, to Symantec partners (both real and imagined), to software and hardware vendors and to industry associations.  It gives you a bigger view of what is going on.  And it is impossible to think of the bigger picture in Health IT without thinking of HIMSS Annual Conference.  And it is never bigger than when it is in Orlando!

Recently I got some information from HIMSS regarding the upcoming HIMSS14 and topics that attendees will be focused on.  They had a great infographic that included a section showing what topics people would be looking for at HIMSS.  All the usual suspects were there:  MU, ICD-10, Analytics, HIE, mHealth, Interoperability, EHR, Privacy and Security . . . ...