Search Results for hacking

Weekend reading: 1/3 of global healthcare orgs ransomwared, 50%+ mobile privacy problems–BMJ study, med device insecurity

Weekend reading to make you feel insecure, indeed. Healthcare continues to be one of the most vulnerable sectors to hacking, breaches, ransomware. (It likely was one of the top 5 on the list handed to Mr. Putin in Geneva a week ago.) It doesn’t help that many organizations from providers to payers, legacy devices to apps, figuratively have a ‘Welcome Hackers’ neon sign on their doors, virtual and otherwise. Three articles from the always interesting Healthcare Dive, two by Rebecca Pifer and the third by veteran Greg Slobodkin, will give our Readers a quick and unsettling overview: According to cybersecurity... Continue Reading

Breaking: 1B CVS Health records exposed in unsecured database now secured

...derive customers’ PII, including their email addresses. The story is breaking now on media, notably ABC-TV cited in Becker’s. While apparently not a true breach or malicious–just another one of those darn errors–it presented a real danger to CVS Health customers. Whether the publicity will force CVS Health to take remedial action is to be determined. Not ‘Hackermania Running Wild’ but could have been in this overheated world of ransomware and Healthcare Hacking. CVS needs to keep far tighter oversight on their vendors. They should post what’s left and above in the IT Department. Also Threatpoint and Becker’s Health IT... Continue Reading

News roundup: Hacks, ransomware of medical records, security cameras spike; Withings launches new mobile-direct devices; Bluestream Health adds Leon Medical (FL) to telehealth

...Oxford University’s Division of Structural Biology. Forbes received the information from Hold Security chief technology officer Alex Holden, who provided screenshots of the hackers’ access to Oxford University systems, and notified the university. The cutely-named DopplePaymer attacked a county government office in Chatham County, North Carolina, and stole residents’ PHI and PII between November 2020 and this past January. Becker’s 10 Feb And on the ‘Someone Got Fired For This One’ list is the response to hacking at Boise, Idaho’s Saint Alphonsus Health System. The health system had a data breach in January. Patients were routinely notified. However, the mail... Continue Reading

“All That We Let In”: health apps’ APIs are vulnerable and easy to hack, exposing and altering PHI and PII

...to implement certificate pinning, which forces the app to validate the server’s certificate against a known good copy Alyssa Knight, the ‘recovering hacker’ who authored the report, also hacked into one hospital’s EHR and changed its values by one digit. She was then able to access health records and registration information. She used a hacking tool that looks like it is generating data from a mobile health app. The use of mobile apps for telehealth and portals has become far more widespread as a result of the pandemic, yet security has lagged–even though the level of sophistication in the apps,... Continue Reading

Weekend reading: HISTalk’s interview with Spirion’s CEO on healthcare data security

...reduce the risk of loss? If I lost the data due to hacking or ransomware, what’s the backup? How fast can this happen? This Editor notes that these points (quantity, definition, risk of loss and recovery, and community impact) can be applied to other situation analyses. The litany of ransomware attacks that have ramped up during the pandemic waves has pushed data security issues to the ‘gotta tackle’ list. According to Emsisoft, a security company, there were 41 attacks on healthcare organizations in first half 2020. This didn’t stop during the summer, with a rash of them at end of... Continue Reading

Will the rise of technology mean the fall of privacy–and what can be done? UK seeks a new National Data Guardian.

...While I’d prefer this to be enforced by private entities, I don’t see it having a chance. In the US, we have HIPAA which is enforced by HHS’ Office of Civil Rights (OCR), which also watchdogs and fines for internal data breaches. Data privacy is also a problem of international scope, what with data hacking coming from state-sponsored entities in China and North Korea, as well as Eastern European pirates. Thus it is encouraging that the UK’s Department of Health and Social Care is seeking a new national data guardian (NDG) to figure out how to safeguard patient data, based... Continue Reading

Hackermania runs wild…all the way to the bank! Ransomware strikes Crozer-Keystone, UCSF med school, others

...downloads. As this Editor wrote back in May 2018 on the anniversary of WannaCry, it’s not a matter of if, but when, at highly vulnerable organizations like healthcare and academia with high-value information records. Right now, the Hakbit spear-phishing ransomware connected to an Excel spreadsheet macro is targeting mid-level individuals at pharma, healthcare, and other sectors in Austria, Germany, and Switzerland, according to tech research firm Proofpoint. TechGenix More: Becker’s 22 June on Crozer-Keystone, 29 June on UCSF, 12 largest healthcare breaches to date, 10 healthcare system incidents for June, Kroger hacking incident exposing 11,000 health records. DataBreaches.net news page.... Continue Reading

Texas Healthcare Challenge WISH-es on women in February hackathon (Dallas TX)

The latest phase of the Dallas-based Health Wildcatters Texas Healthcare Challenge series is the Women in Science & Healthcare (WISH) Hackathon, taking place Friday and Saturday, 21-22 February at the Health Wildcatters office in Dallas. The program includes keynote talks, problem pitching, mixing, team forming, hacking, mentorship, feedback, idea iteration, pitch practice sessions, final presentations, judging panel, and prizes. Teams will use design thinking to create products, iterate business models, map out go-to-market strategies, and potentially build new healthcare ventures. It’s not for existing companies; you can register your group individually to form a team working on a problem that... Continue Reading

The Breach Barometer hits a new high for healthcare–and the year isn’t over

31.6 million healthcare breached records can’t be right? But it is, and it’s double all of 2018. Protenus’ Breach Barometer for the first six months of the year tallied over double the number of patient records breached calculated for 2018 (15.1 million). The number of breach incidents reported was smaller–285 breach incidents disclosed to the US Department of Health and Human Services or the media–compared to 503 breaches in 2018, which means that individual data breaches affected far more records. Hackermania is running wilder than ever. Nearly half the breaches were due to hacking. The big kahuna of breaches this... Continue Reading

Digital health: why is it a luxury good in a world crying for health as a commodity?

...fraud. We’ve seen the rise/fall/rise of sensors, wearables, and remote monitoring, giants like Google and Microsoft out and back in, the establishment of EHRs, acceptance by government and private payers, quite a bit of integration, and more. All one has to look is at the investment trends breaking all records, with funding rounds of over $10 million raising barely a notice–enough to raise fears of a bubble. Then there’s another rising tide–that of cyberattack, ransomware, insider and outsider hacking. Is it this year? It may not be. Despite the sunshine, interoperability holds it all back. Those giant EHRs–Cerner, Epic, Athenahealth,... Continue Reading