...that access to the servers is not protected through a user name and password, much less two-factor authentication. “Not only can we read the data — that’s bad enough — but we can also write to the data.” Scary when you contemplate a hospital with insulin pumps, BP monitors, and multiple surgical devices all going haywire. ZDNet Similarly, easy hacking pickings have turned up in IoT cameras–over 175,000 inexpensive cams made by Chinese manufacturer Shenzhen Neo Electronics’ as NeoCoolCam and distributed worldwide, discovered by BitDefender. Older Amazon Echo devices can be physically tampered with and malware uploaded to be turned... Continue Reading
Search Results for hacking
Petya no pet as it spreads: is it ransomware or a vicious design for data destruction? (updated)
...to ZDNet, both “Symantec and Bitdefender have confirmed that it’s a Petya ransomware strain dubbed GoldenEye, which doesn’t just encrypt files — it also encrypts hard drives, rendering entire computers useless.” ArsTechnica goes deeper into methodology. Petya uses a hacking tool called MimiKatz to extract passwords and then uses legitimate Microsoft utilities and components to spread it. (Ed. note: if you have time for only one technical article, read ArsTechnica’s as the latest and most detailed.) The Microsoft patch–and Microsoft has just issued an update for Win10, which this Editor heartily recommends you download and install–while defending against WannaCry, still... Continue Reading
Dry the tears: WannaCry stymied, North Korea hackers suspect. Is this a poke for a worse attack?
Breaking News This morning’s (Tuesday 16 May) news is about reputable security organizations–Kaspersky Lab and Symantec–connecting the dots that lead for now to a North Korea-linked hacking organization, the Lazarus Group. This group has been identified in previous hack attacks and is based upon WannaCry code appearing in Lazarus programs. US Homeland Security has admitted seeing the same similarities, but all are working to gain more information. Lazarus has been previously identified as the source of the 2014 Sony attack and the theft of $81 million from the Bangladesh central bank, again linked to fundraising for North Korea for its... Continue Reading
Hackermania meets The Dark Overlord with 2.3 million 2017 health data breaches
...reason we have health record hacking is because HIPAA rules bring about fines for the breeches, and paying ransom will cost less than the fine. A point to ponder. Donna Cusano Hi John, and thanks for your incisive as always POV. What hackers pick up from medical records are things like name, address, method of payment, often SSI, and almost always DOB. They then can sell that info or combine it with other info to steal identities, which is what I have heard happens. Who they sell it to? International criminal networks love this info. My thought is that they... Continue Reading
Thinking about a location for your health tech startup? Consider…’virtual’ Estonia!
...in picturesque Tallinn and need a delivery? It may come to your door via Starship robot, founded by one of the former Skype team. (Did you know that former Skypers have funded much of the Estonian tech and investment boom?) They take data security seriously with the Russian Bear growling (and hacking) on the border, so they created a NATO-accredited cyberdefense center in Tallinn and a whole country backup in a Luxembourg ‘data embassy’. Blockchain is a large part of this–and the government is working on using it for mapping the genome data of its 1.3 million citizens and sell... Continue Reading
16 or 27 million 2016 breaches, 1 in 4 Americans? Data, IoT insecurity runs wild (US/UK)
...2016 research that over 27 million healthcare records were stolen in 450 reported data breaches. 26.8 percent were attributed to ransomware, hacking or malware. This article also contains a lot of speculation by attorneys and other experts in the field that ransomware-related breaches are under-reported: “The reality is often after a ransomware incident, executives find out that criminals have been exploiting their network for years and going public with the information would force their board, executives and staff to answer some serious questions that they are not willing or prepared to answer,” according to ICIT Senior Fellow James Scott quoted... Continue Reading
Health execs’ wish list for 2017: security, analytics, pop health…and telehealth (US)
[grow_thumb image=”https://telecareaware.com/wp-content/uploads/2017/01/2017-upgrade-HITN-survey.jpg” thumb_width=”200″ /]Healthcare IT News published the results of their October survey of 95 healthcare executives as to their forward plans (resolutions?) for 2017. It’s unsurprisingly centered on upgrades to the following areas: Data security (52 percent)–definitely making up for lost time and spending due to the obvious threats from hacking and data breaches. In November alone, nearly two incidents a day (57) and over 458,000 records were reported by healthcare entities to HHS. (Protenus Breach Barometer) Data analytics (51 percent)–figuring out what to do with all that patient data generated by…. Patient engagement and population health (44 percent... Continue Reading
The malware siege of Northern Lincolnshire and Goole NHS: a preview of more? (UK)
...Readers know, US and Canadian hospitals and healthcare organizations have been subject of late to malware and its latest iteration, ransomware, with a large outbreak this summer. This is now after years of the FBI and others warning of hacking threats, IT experts easily hacking into medical devices, and now the eminently hackable and botnettable IoT [TTA 25 Oct]. A rewarding read for HIT-ers and anyone concerned on both sides of the Atlantic is Brian Krebs’ take on this (Krebsonsecurity). (Don’t miss the 50-odd comments below the article.) He strongly suspects that the ‘malware’ was ransomware, due to the pattern... Continue Reading
Friday’s cyberattack is a shot-over-bow for healthcare (updated)
...year, here is the warning that all these outdated devices are Typhoid Marys spreading infection through hospital networks]. St Jude Medical has of late had to answer charges that its pacemakers and other cardiac devices are vulnerable to hacking–which short-sellers have used to drive down its stock pending its acquisition by Abbott Laboratories. Modern Healthcare The answer? Everywhere. The universal conclusion is that this particular Mirai malware-caused DDoS is but a test for the next waves, and next malware, to come. ZDNet Updated: 5 takeaways on why this matters from TechRepublic, including the ‘layered’ nature of the Dyn attack which... Continue Reading
Add 3 years to ‘Paperless 2020’: Robert Wachter at The King’s Fund (UK)
...a GP surgery in person”. NHS is having another crack at an app library, and there was a bit of surprise, according to the writer, that Secretary Hunt said that fitness data will be integrated into NHS patient records. But Dr Wachter cautions that he’s walking back the 2020 date he advocated for full paperless records to 2023. He recognized that implementation in all but the most advanced hospitals (a handful) isn’t feasible. There are too many competing priorities and too little funding (and, this Editor would add, too many HIT threats like hacking and ransomware). Only the most “digitally-sophisticated... Continue Reading
Most Recent Comments