Cybersecurity and Healthcare

National Cybersecurity Institute

With the numerous data breaches in health care over the last several years, it almost appears that a patient having any expectation of privacy and security of their information is unreasonable. In 2015 alone, tens of millions of personal healthcare records have been hacked into by adversarial nation states and organized crime. Almost daily the headlines document a new cyberattack that is sophisticated and directly targeted at healthcare. Add to these more traditional cybersecurity incidents, the numerous workforce (user) mistakes like losing laptops, backup tapes, and sending unencrypted e-mails and one can legitimately question any realistic expectation of privacy and security in today’s and tomorrow’ digitized healthcare world. Yet, the expectation is based on legal and ethical obligations for health providers to do exactly that—protect the privacy of the information through reasonable and appropriate cybersecurity.
Watch Now

Spotlight

In diesem Bericht erörtert J. Gold Associates, wie ein moderner Arbeitsplatz Sicherheitsprobleme und den Zeitaufwand von Helpdesks minimiert, die Mitarbeiterzufriedenheit steigert und eine starke Investitionsrendite realisiert. Laden Sie den Forschungsbericht von J. Gold Associates herunter und erfahren Sie, wie ein moderner Arb


OTHER ON-DEMAND WEBINARS

FDA Works to Soothe Industry at Medical Device Cybersecurity Webinar

The FDA will focus more on a device maker’s overall approach to ensuring cybersecurity rather than burrowing down and kicking the tires on each individual risk mitigation program, FDAs Abiy Desta said at an agency webinar Oct.29.That’s not to stay the agency is lightening up on its quest to make industry take device cybersecurity seriously. Rather, it appears to be the FDA’s way of reminding device makers to focus first on addressing the overall big picture with a sound rationale and then apply it to any number of potential risks down the decision tree.n its Oct. 2 guidance “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” the agency laid out its basic requirements, though at today’s event the agency stressed it would accept other approaches — as long as their strategy was defensible.He also outlined some of the core functions FDA wants to see addressed in a comprehensive cybersecurity program, including:Limiting access to trusted users by using layered privileges, appropriate authenticity, and strong passwords.Protecting users and data by terminating sessions after a period of inactivity, setting up physical locks, and limiting access ports.Detecting, responding and recovering by implementing features that tell a user if the device has been compromised, provide information on what to do when it occurs, implement features to preserve critical functions with the ability to reboot and recognize drivers, and provide methods for retention and recovery of device configuration.

Countering Adversaries Part 3: Hacktivists and SQL Injection Attacks

Oracle & Brandon Dunlap

Activists break into organizational web applications and databases to find personal and organizational data in order to expose this private information. The Verizon Data Breach investigations report says “Hacktivists generally act out of ideological motivations, but sometimes just for the fun and epic lutz.” In this third webcast of a three part series, (ISC)2 and Oracle will examine their number one tool of choice: SQL injection attacks. SQL injection attacks are both simple to perform and difficult to detect. We’ll discuss detecting and blocking SQL injection attacks in order to protect your most sensitive customer and organizational data from “epic lutz”.​

Information Security in the Third Sector

Charities Security Forum

Why does a charity need security? What do they have to protect? Who would want to attack them? How do they protect themselves? What resources do they have? What else can they

Stay Secure During the Holiday Season

"On Cyber Monday, your organization’s employees will return from the Thanksgiving weekend, ready to kick off the online holiday shopping season – from their desks and devices. Last year over 500+ million identities were exposed via breaches. And with malware and phishing also in the news, join us to find out how you can protect not only your business but your employees’ personal information as they shop-from-work during the season. Learn more about the proactive steps you can do for protection including: · How you are the first line of defense when it comes to protection – password management and user access · When and how data should be encrypted · How to fight social engineered exploits: malicious web sites, malicious look-alike mobile apps and deceptive emails "