IT Support and Hardware for Clinics
32.0K views | +2 today
Follow
IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice
Your new post is loading...
Your new post is loading...
Scoop.it!

Healthcare IT Security Problems, People and Solutions

Healthcare IT Security Problems, People and Solutions | IT Support and Hardware for Clinics | Scoop.it

Like other sectors whose mission depends on network-connected technology, healthcare is in crisis. In addition to the need for confidentiality, people’s lives depend on the integrity of the health information system. Incorrect decisions based on incorrect information could mean the difference between life and death. Finally, the information must be available when needed by a caregiver.


Similar to many companies, which view themselves as non-technology companies, a common problem with hospitals is that they make heavy use of technology but refuse to spend the money to secure and use it properly. The common theme is usually: Where is my return on investment? CFOs, CEOs, and even CIOs, are usually not technically savvy; therefore they are very shortsighted when it comes to seeing how technology is critical to the mission of the organisation. Therefore, we have to explain the risks and opportunities and the vital role technology plays in mission of healthcare organisations: the very safety and well being of their patients.


Ransomware such as Cryptolocker, a recent phenomenon on the hospital scene seems to be the new threat, but not the most dangerous by far. Locking hospital data is more of an inconvenience at this point. Take Hollywood Hospital Healthcare systems for instance, a well-maintained backup system would have allowed them to abandon the old system, format the hard drives and upload the backups to critical systems overnight. Lack of planning cost them an extra $17,000 dollars, and maybe millions in lawsuits. In 2013 over 250,000 victims and about 90,000 machines per day were affected according to www.privacyandsecuritymatters.com.


Regardless of this, the attacks I am most worried about are command and control type attacks. These attacks could be leveraged against pacemakers, and other electromechanical devices that send wireless signals over the internet to doctors and caregivers. In some cases, manipulation of these devices can have immediate and deadly consequences.


The investment in healthcare Information technology would have four meaningful effects:

Investment in better technology that can detect a real-time intrusion attack on the system and automate its response;

The weakest link in the IT chain can be the people. However, with proper training in incident response and intrusion mitigation, this weakest link situation can be solved. An attack on a SCADA type system would mean the attacker would need to do reconnaissance on the people and system. Trained personnel would know to look for system enumeration, scanning events and change in data traffic flow. Most attacks can be avoided with knowledge and vigilance. Patients’ information would be more protected, risk to data breach would be minimised, and return on investment would be realized over the long term.

What management also needs to realise is spending money on the system does not make it hack proof. What it does is reduce the chances of a breach, not eliminate it.

Most CIOs, CFOs, and CEOs would ask: What happens when I invest in training for personnel and they take that training and find a better job? Well, finding well-trained people that work cheap is not an option. For the training, ask employees to stay for two years in return and train junior employees. Discuss salary increases so employees can feel compensated for their work. The alternative is, you do not train employees and they stay with the company for 20 years collecting a pay check while the problem escalates. Healthcare management has the power to create the healthcare technology of the future they desire. This is not the responsibility of their employees.

Technical Dr. Inc.'s insight:

Contact Details :
inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

DDoS-attack takes Dutch government sites offline for 10 hours

DDoS-attack takes Dutch government sites offline for 10 hours | IT Support and Hardware for Clinics | Scoop.it

A sophisticated distributed denial-of-service (DDoS) blocked Dutch government and privately run commercial sites from the public for more than 10 hours Tuesday.

The ministry of General Affairs, the National Cyber Security Center (NCSC), website hosting company Prolocation and services provider Centric are working to determine the specific methods used in the attack and who was behind it.

The attack, which started at 9:45 a.m. local time, was difficult to deflect because the attack patterns changed regularly, said Prolocation’s director, Raymond Dijkxhoorn. The attack was different from the usual DDoS attempts that happen on an almost daily basis and are easier to defend against, he said.

“It is the first time that we couldn’t deal with it,” Dijkxhoorn said.

The attack targeted the sites of the federal government directly, but also caused other sites that were hosted on the same network to go down, Dijkxhoorn said. Blog site Geenstijl.nl and telecom provider Telfort’s site were among those blocked in the attack.

A few of the sites on the network used DDoS-deflecting services from providers like Cloudflare, Dijkxhoorn noted. But unless all clients on a network are able to ward off a DDoS attack, there is a risk for other sites on that network, he said.

Geenstijl, for instance, uses Cloudflare, which will usually allow traffic to reach the site’s server when a DDoS attack targets the site. However, Geenstijl’s server can still become unreachable as a result of a DDoS attack aimed at other sites on the network that don’t have such protection, Dijkxhoorn said. The Dutch government did not use such external DDoS protection services, he said.

The DDoS attack consisted of mix of methods used alternately, according to Dijkxhoorn. Though Prolocation has experience with DDoS attacks, this was the first time they encountered this strategy, he said. He declined to provide more details about the attacks, since he has agreed with the NCSC not to do so until the investigation is finished.

The NCSC and Centric both declined to comment on details of the attack, pending the investigation.

Prolocation, however, has discussed the incident with engineers at Prolexic and Akamai, who say they have seen similar methods used in DDoS attacks in other places around the world.

Sites hosted on the same IP block can go down as collateral damage when one site is the focus of the attack, confirmed Akamai’s manager for Belgium, the Netherlands and Luxembourg, Hans Nipshagen. If the government sites had used external DDoS filtering services, the network might have stayed up, he said.

While it was difficult to tell from the outside the exact methods used against the government sites, the DDoS attack seems to have been large-scale, employing a vast amount of traffic, Nipshagen said. Some big DDoS attacks use multiple vectors to deliver large bandwidth-consuming packets at an extremely high rate of speed, swarming target sites, according to an Akamai report. These incidents have been fueled by the increased availability of attack toolkits with easy-to-use interfaces as well as a growing DDoS-for-hire criminal industry, Akamai said.


more...
No comment yet.
Scoop.it!

What a New $35 Million Agency Is Expected To Do for US Cyber Defense

What a New $35 Million Agency Is Expected To Do for US Cyber Defense | IT Support and Hardware for Clinics | Scoop.it
The new Cyber Threat Intelligence Integration Center is intended to coordinate intelligence among government agencies to better respond to cyber attacks.

Via Paulo Félix
more...
No comment yet.
Scoop.it!

Congress will hold a public hearing on North Korea's hacking powers next week

Congress will hold a public hearing on North Korea's hacking powers next week | IT Support and Hardware for Clinics | Scoop.it

In the wake of the Sony Pictures hack, Washington is showing a new focus on the threat posed by North Korea. The House Foreign Affairs Committee has called for a public briefing on Tuesday that will examine the country's hacking capabilities, with testimony from the Departments of State, Treasury and Homeland Security. The briefing will focus on steps the US is taking to curtail or protect against the country's apparent capabilities. "There can be no doubt that the Kim regime means America harm," Chairman Ed Royce (R-CA) said in a statement, "and as we saw last month, Pyongyang can deliver on its threats."

President Obama has already ordered new sanctions against North Korea in direct response to the attack, but has also hinted at further measures yet to come, calling the sanctions the "first aspect" of the government's response. Others in Congress are also calling for new defensive measures, resurrecting the controversial CISPA cybersecurity bill. Given the newfound interest in digital defense, supporters see this as the bill's best chance to get through Congress. On Wednesday, FBI director James Comey reiterated his confidence that the nation was responsible, saying, "we know who hacked Sony. It was the North Koreans."


more...
No comment yet.