The dangers of default passwords – 37% of Data Breaches Found to be Malicious Attacks

A malicious attack by malware or spear phishing on valuable data assets like PHI (protected health information) exploits known vulnerabilities, and one of the most common vulnerabilities in medical devices and healthcare IT systems is default passwords. “Researchers Billy Rios and Terry McCorkle of Cylance have reported a hard-coded password vulnerability affecting a wide variety of […]

Is cyber security and mobile device management important in the healthcare industry?

Healthcare and technology go hand in glove more than almost any other sector in today’s business world. This statement is true today and will remain so into the future. Patient records form just one element of the vast mountain of data that is stored and […]

Is your HIPAA security like a washing machine?

Is your HIPAA security management like a washing machine? Most security appliance vendors use fluffy charts with a 4-step “information risk management” cycle. It’s always a 4-step cycle, like “Discover, Monitor, Protect and Manage”, and it’s usually on a circular chart but sometimes in a Gartner-style magic quadrant or on a line. It’s […]

The facts of life for HIPAA business associates

If you are a biomed vendor and you collect any kind of PHI (protected health information) in your medical device or store information in the cloud (including public cloud services like Google Drive and Dropbox), you need to be aware of US healthcare information privacy regulation. As a medical device vendor selling to healthcare providers, hospitals, physicians and […]

How to use BI to improve healthcare IT security

Information technology management is about executing predictable business processes. Information security management is about reducing the impact of unpredictable attacks to your healthcare provider organization. Once we put it this way, it’s clear that IT and security and compliance professionals, as dedicated as they are to their particular missions, do not have common […]

Snake Oil 2.0 – why more data is bad

Remember the old joke regarding college degrees? BS = Bull Shit, MS = More Shit, PhD = Piled Higher and Deeper and HBS = Half Baked Shit. In Western society, we are schooled to believe that more and faster is better – even though we can see that big data […]

Auditing healthcare IT security and privacy with multiple threat scenarios

Is there a way to break out of the security checklist mentality? IT security auditors commonly use standard/fixed checklists, often based on the compliance regulation being audited: the HIPAA Security Rule or ISO 27001, for example. In this article we suggest considering an alternative approach based on generating and analyzing multiple threat scenarios for the […]

The best cybersecurity strategy may be counter-terror

Danny Lieberman suggests that a demand-side strategy with peer-review may work best for cyber-security. A conventional military paradigm does not work for cyber-security. Government cyber security policy, molded by the military, traditionally frames cyber-security in the context of a defensive strategy based on intelligence gathering, threat analysis, modeling and monitoring with deployment of defensive network […]

Why big data for healthcare is dangerous and wrong

The McKinsey Global Institute recently published a report entitled “Big data: The next frontier for innovation, competition, and productivity”. The McKinsey Global Institute report on big data is no more than a lengthy essay in fallacies, inflated hyperbole, faulty assumptions, lacking in evidence for its claims and ignoring the two most important stakeholders of […]

The mistakes you will make on your next cloud project

Are you considering cloud security in the abstract or cloud security in your software? Looking at cloud security issues in the abstract, we see 4 areas of concern: mobility of resources and multi-tenancy; identity and access management; data protection; incident response and assessment. When choosing a cloud solution for your business application, it is easy […]