IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice

Healthcare Industry: 5 Key Areas Security Professionals Should Consider


The Healthcare industry by its very nature is populated with some amazing people who are devoted to those in need of physical and mental care. Given this noble cause, it was perfectly understandable for them to ask “Why would someone attack us?” when WannaCry hit their sector.

 

In my opinion, the WannaCry compromise was the crescendo of almost a decade’s worth of neglect. Unpatched servers, legacy applications, forgotten risk registers and discarded business cases for investment all played their part. However, it did answer the million-dollar-question asked of all security teams: “What is the real risk of us being attacked?”

 

At the time of the attack, security teams across the country were rallying to resolve the issue, with many (I’m sure) searching for evidence that they had once warned their organization of the dangers of poor cyber-response arrangements and poor patch management.

 

Dare we ask how many servers compromised by WannaCry only required a reboot to enable the patch – denied only because no agreement could be reached to arrange a maintenance window?

As sad and as controversial as it sounds, sometimes it takes an incident of this magnitude and publicity for organizations to remember the basics. Despite the irresistible urge for some to shout “I told you so,” we must understand how we can improve now that we have the attention of executive management who wish to avoid the implications of another WannaCry.

 

In recent years, I spent less time on policy and more on advising on change – mostly trying to mediate between innovation and security. In adapting my thinking to include transformation and change, I have identified five key areas I believe all security (and IT) professionals should be considering:

1. THE ‘GIG ECONOMY’

Organizations want to try new things and do not want to be bogged down with procedures and policy. However, we must be mindful of integration and support. Get the right contracts in place; secure robust support agreements and software assurance. Do not become dependent on a third-party application. We all know of solutions with security flaws whose vendors have no appetite to fix them.

Finally, be prepared to forgo the usual third-party assessments for these smaller firms. Streamline it, and document exceptions!

2. DIGITAL TRANSFORMATION

The right digital plan must be established. It must be designed with a care plan/business strategy at its heart and underpinned by robust architectural designs and operational basics. Base your security strategy around this, and you will not go far wrong. (It also makes asking for investment far easier!)

3. DATA, DATA, DATA

If you cannot extract data from a solution to demonstrate value and outcomes, why bother with it?

And critically, look for a common integration and data extraction tool rather than a swathe of bespoke interfaces known only to the developer who left the organisation two years ago.

4. A RETIREMENT PLAN

Support functions cannot be expected to support operating systems that are no longer supported by the vendor. As in the financial sector, it will only be a matter of time before the healthcare sector is required to provide decommissioning plans and timelines.

Be proactive with your hardware; refresh and ensure your third-party vendors are contracted to ensure their applications are supported by the latest technology and operating systems.

5. COURAGE

Finally, we must have the courage to stand up for what we know is the right thing to do: do not be swayed by pressure to adopt bad practice or technology.

Whilst saying “No” is never really an option, the transferral of risk certainly is.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com


Cybercriminal gang plunders up to $1 billion from banks over two years


A still-active cybercriminal gang has stolen up to $1 billion from banks in at least 25 countries over the last two years, infiltrating networks with malware and spying on employees’ computers to facilitate large wire transfers, Kaspersky Lab said Sunday.

The computer security vendor, which said it will release a report Monday on its findings, said the gang penetrated deeply into the banks’ networks, taking time to learn about internal procedures to make their fraudulent activity less suspicious.

In some cases, the gang learned about wire transfer systems by watching administrators’ computers over video.

“In this way the cybercriminals got to know every last detail of the bank clerks’ work and were able to mimic staff activity in order to transfer money and cash out,” Kaspersky said in a news release.

The group, called Carbanak after the malware the gang installed on computers, attempted to attack up to 100 banks and e-payment systems since 2013 in 30 countries. The gang members are suspected to be from Russia, Ukraine, other parts of Europe and China.

Some of the financial institutions affected are in Australia, Brazil, Bulgaria, Canada, China, Czech Republic, France, Germany, Hong Kong, Iceland, India, Ireland, Morocco, Nepal, Norway, Poland, Pakistan, Romania, Russia, Spain, Switzerland, Taiwan, Ukraine, the U.K. and the U.S.

None of the banks or financial institutions have been named. Kaspersky said in a news release that Interpol and Europol are involved in the investigation.

Each theft took between two and four months, Kaspersky said. Bank computers would be infected with malware through spear-phishing attacks, which involve sending targeted emails with malicious attachments or links to select employees.

Spear-phishing emails are crafted in a way to make it likely a recipient will open an attachment or click a link that appears innocuous but installs malicious software on a computer.

As much as $10 million was stolen in a raid at a time, Kaspersky said. Funds were transferred using online banking or e-payment systems to the gang’s own accounts or to other banks in the U.S. and China.

In other instances, the attackers had deep control within a bank’s accounting systems, inflating account balances in order to mask thefts. For example, Kaspersky said that an account with $1,000 would be raised to $10,000, with $9,000 transferred to the cybercriminals.

ATMs were also targeted, Kaspersky said. The gang commanded the machines to dispense money at a certain time, with accomplices ready to pick up the disgorged cash.



Do the Cyber Risks of the IoT in Healthcare Outweigh the Benefits?


The Internet of Things, or IoT, is a system of internet-connected objects that collect, analyze and monitor data over a wireless network. The IoT is used by organizations in dozens of industries, including healthcare. In fact, the IoT is revolutionizing the healthcare sector as devices today have the capability to gather, measure, evaluate and report patient healthcare data.  

 

Unfortunately, IoT-connected devices also exponentially increase the number of access points available to cyber criminals, potentially exposing sensitive and confidential patient information. In order to take advantage of this valuable new technology, healthcare firms need to ensure that they are aware of the risks and address them ahead of implementation.

How are healthcare organizations using the IoT?

Businesses in the healthcare sector are taking advantage of the IoT to provide better care, streamline tracking and reporting, automate tasks, and often decrease costs. Here are a few examples of how healthcare organizations are using IoT:

  • Medicine dispensers are now integrated with systems that automatically update a patient’s healthcare provider when they skip a dose of medication.
  • Smart beds are equipped with sensors that indicate when the bed is occupied, alerting the nursing staff if the patient is trying to get up.
  • Caregivers are taking advantage of ingestion monitoring systems whereby swallowed pills transmit data to a device, tracking whether a patient is taking medication on schedule or not.
  • Smart inhalers can now track when asthma and Chronic Obstructive Pulmonary Disease (COPD) sufferers require their medicine. Some of these devices are even equipped with allergen detectors.

 

Connectivity of healthcare solutions through cloud computing gives providers the ability to make informed decisions and provide timely treatment. With the IoT connected technology, patient monitoring can be done in real-time, cutting down on doctor visit expenses and home care requirements.

 

However, as healthcare organizations begin to integrate IoT technology into devices more frequently, cybersecurity risks increase significantly.

Cyber risks of healthcare IoT tech

Cyber risks have become sophisticated and there has been an enormous increase in the quantity and severity of attacks against healthcare providers. In fact, since 2009 the number of healthcare industry data breaches has increased every year, rising from only 18 in that year to 365 incidents in 2018. These breaches impose significant financial costs on a healthcare organization through fines, settlements, ransoms and, of course, the cost of repairing the breach itself.

 

Businesses are becoming progressively vulnerable to cybersecurity threats due to rapid advancement and increasing dependence on technology. Unsecured IoT devices pose a higher risk by providing an easily accessible gateway for attackers looking to get inside a system and deploy ransomware. Everything from fitness bands to pacemaker devices can be connected to the internet, making them vulnerable to hacking. Most of the information transmitted isn't sufficiently secured, which presents cybercriminals with an opportunity to obtain valuable data.

Managing IoT cybersecurity risks

No organization, including healthcare firms, can block all attackers. However, there are ways in which they can prepare themselves. Use these tips to help protect your healthcare organization from IoT-related cybersecurity risks:

  • Encrypt data to prevent unauthorized access
  • Leverage multi-factor authentication
  • Execute ongoing scanning and testing of web applications and devices
  • Meet HIPAA compliance requirements
  • Ensure vendors meet HIPAA compliance requirements
  • Protect endpoints like laptops and tablets
  • Healthcare staff should be educated to look for signs of phishing emails like typos and grammatical errors

IoT device-specific protection tips:

  • Acquire unique logins and device names. Avoid using the default configurations
  • Ensure the latest version of the software is installed
  • Take an inventory of all apps and devices that documents where each one resides, where it originated, when it moves, and its transmission capabilities

Smart devices connected through the IoT increase the number of access points for cyberattacks, significantly increasing risk, and organizations need to be prepared in advance to prevent damage from such threats. The healthcare industry is one of the most sensitive and frequently targeted sectors as well as one of the most costly in which to address a breach. Therefore, it is prudent for organizations to include IoT devices in a thorough cybersecurity risk assessment and ensure that they take all the necessary precautions to minimize the vulnerabilities that come with implementing these IoT devices.
