    Health Care Still in Hacker Cross-Hairs, but Defenses Improving

    By Scot Petersen - February 22, 2019

      ORLANDO, Fla. — There is both good news and bad news in health-care security trends: The bad news is that 74 percent of health care organizations were hit by “significant” security incidents in the past year, of which 56 percent were conducted by so-called bad actors targeting specific organizations with sophisticated, targeted, financially motivated attacks. The numbers were flat over last year, according to the 2019 HIMSS Cybersecurity Survey, released this week at the HIMSS 2019 health IT conference.

      The good news is that there are signs that health-care organizations are better prepared for such incidents and are spending more money on security and staff training, according to Rod Piechowski, Senior Director of Health Information Systems for the HIMSS. Organizations are doing a better job of making “everyone believe they are part of the solution,” he told eWEEK. “Too often security is viewed as an IT-only responsibility.”

      More good news is found in the work of the Food & Drug Administration, vendors, provider networks and volunteer groups who are working to establish standards for securing medical devices as well as developing plans for mitigating the next big cyberattack along the lines of WannaCry, which decimated businesses and health-care organizations across Europe in 2017.

      FDA Offers an Update on Medical Device Security

      For instance, here at HIMSS, Suzanne Schwartz, Associate Director for Science & Strategic Partnerships at the FDA, presented an update on the FDA’s work on its Medical Device Safety Action Plan, Premarket Guidance for vendors, and Medical Device Cybersecurity Sandbox.

      The FDA has become more involved in the past two years, at least in part to mediate disputes between device makers and hackers, such as the one that was disclosed at last summer’s Black Hat conference involving vendor Medtronic. Among those advising the FDA is the hacker cooperative I Am The Cavalry, which is co-sponsoring the Biohacking Village at this summer’s Def Con conference.

      The parties are looking to avoid incidents in which vendors threaten hackers with legal action for discovering and publishing vulnerabilities and “help decrease the friction and come to the ground truth quicker around some of these issues,” said Dr. Christian Dameff, a practicing emergency doctor and lifelong hacker. “How do we protect security researchers? How do we help device manufacturers through this process better? And then how do we focus most of the energy toward the patients?”

      Part of the FDA’s pre-market recommendations is that vendors include a software “bill of materials” (BOM) and cybersecurity BOM, which would also include hardware, in order to be able to find or trace vulnerabilities. Another part is the CyberMed Safety Expert Analysis Board (CYMSAB), which is being led by MITRE. In concert with that, Massachusetts General Hospital this month received a $950,000 grant from the Department of Homeland Security to develop a medical device cybersecurity data repository.

      Securing Access While Simplifying Workflows

      Security vendors including Imprivata and Cylance are also working on ways to keep computers and devices safe from unwarranted access while at the same time trying not to interfere with clinical workflows. At HIMSS, Imprivata unveiled Proximity Aware, a version of its card-based access and authentication solution.

      Instead of a card, Proximity Aware uses a smartphone as the token along with Bluetooth connectivity to the machine. Once the phone is set up as a secure token, providers need only walk up to a terminal for the machine to log the user on. Once the user walks away from the machine it will automatically be logged off. Such functionality is critical for Electronic Prescription of Controlled Substances (EPCS) services, which will be required as of Jan. 1, 2020.

      “In the case of most two-factor authentication, which you need for EPCS and some more workflows to come, you would use a token on your phone and enter a number. That’s inefficient,” Imprivata CEO Gus Malezis told eWEEK. “We automatically read that token, and that sign-on becomes completely invisible. It’s hands-free 2FA, where you don’t have to take the phone out of your pocket.”

      AI-based endpoint protection vendor Cylance is also working on a technology that applies AI models to the concepts of “continuous authentication” on health-care workstations, eliminating the need for password reentry, said Rob Bathurst, Worldwide Managing Director at Cylance for Healthcare and Embedded Systems. The technology, which is about to enter early-adopter stage, is tentatively called Persona.

      Ensuring That Users Are Who They Say They Are

      “If you look at your typical health-care environment, you’ve got hundreds of people logging in to these systems, and they may move from one system to another, or the credentials may get stolen or might get passed around,” Bathurst told eWEEK. “And the point of it is to ensure that the person who is logged into that system is actually that person.”

      Bathurst explained that Cylance is building user-behavior models that look at how users type on a keyboard, what types of applications they use and when they perform tasks or open applications. In short, what does a normal “routine” look like?

      If the machine detects behavior out of the norm, it uses a “process of gradual friction that gets more incredulous about the user as time goes on as it differs from the model,” Bathurst said.

      Scot Petersen is a technology analyst at Ziff Brothers Investments, a private investment firm. He has an extensive background in the technology field. Prior to joining Ziff Brothers, Scot was the editorial director, Business Applications & Architecture, at TechTarget. Before that, he was the director, Editorial Operations, at Ziff Davis Enterprise. While at Ziff Davis Media, he was a writer and editor at eWEEK. No investment advice is offered in his blog. All duties are disclaimed. Scot works for a private investment firm, which may at any time invest in companies whose products are discussed in this blog, and no disclosure of securities transactions will be made.
