The sensitive health information maintained by health care providers and health plans has become an increasingly attractive target for cyberattacks. The need for health care organizations to up their game on health data security has never been greater. To help health care organizations covered by the Health Insurance Portability and Accountability Act (HIPAA) to bolster…
Category: Commentaries and Analyses
Patient monitors altered, drug dispensary popped in colossal hospital hack
Scary stuff. Darren Pauli reports: Security researchers have exploited notoriously porous hospital networks to gain access to, and tamper with, critical medical equipment in attacks they say could put lives in danger. In tests, hospital hackers from the Independent Security Evaluators research team popped patient monitors, making them display false readings which could result in…
DHS Report Details “Persistent” Cyber Targeting of Police, Emergency Services
Public Intelligence reports: Cyber attacks against law enforcement, fire departments and other emergency services have become increasingly common and are likely to increase according to a recent intelligence assessment prepared by the Department of Homeland Security and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The assessment, which was distributed to law enforcement in September…
Letter to New York State Banks and Insurance Companies: New Cybersecurity Regulations Likely (Part 2 of 2)
Randall J. Collins writes: In my previous post, I reviewed the New York State Department of Financial Services’ (NYDFS) findings and conclusions of survey results of financial institutions and insurers’ programs, costs, and future plans related to cybersecurity. Anthony J. Albanese – Acting Superintendent of Financial Services – writes in a November 9, 2015 letter to Financial and…
Thinking about incident response
So I woke up to find that uKnowKids had issued a statement yesterday about their exposed database, an exposure that had been uncovered by and reported to them by Chris Vickery. Regular readers of this blog will recognize Chris’s name by now, as he’s uncovered a number of misconfigured databases that have been investigated by…
You Can’t Hide Behind Your EULA
In response to VTech’s controversial new EULA in the wake of their massive data breach, Cooley LLP has a commentary. Here are some excerpts: Apart from being a bit mean, it goes against the basic principles of data protection and consumer law in the UK. The Data Protection Directive 95/46 EC places obligations on the…