Shiny Objects

Security leaders all too often succumb to the distraction of a new shiny object that promises to be the panacea to all their security problems. Vendors encourage this line of thinking happy to make another sale and to have a new customer. What makes things worse is that a focus on CapEx budgets at most organizations to buy and implement more tools encourages this behavior when really an annual service may be a far cheaper, better, and faster...

Read More

Hacking Healthcare Live: Bits and Bytes Meet Flesh and Blood

Possibly one of the BEST EVER demos at RSA of all time for anyone in the medical space. Watch a live simulated medical device hack as an unsuspecting ER doctor faces the reality of practice in a brave new world of insecure technologies and vulnerable patients. Doctors Christian Dameff MD and Jeff Tully MD from the University of California Health System are joined by Josh Corman from I Am The Cavalry to demonstrate what can happen when a medical...

Read More

2018 Annual Cybersecurity Report

Cisco today released it's 2018 Annual Cybersecurity Report providing a freshly updated view into the current techniques that adversaries use to elude defenses and evade detection, along with insights and recommendations designed to help organizations and users defend against attacks. The report is based upon a study conducted by Cisco of 3600 Chief Information Security Officers (CISOs) and security industry leaders from 26 countries. This...

Read More

New Zealand Healthcare - Just Keeping its Head Above Water!

New Zealand Healthcare - Just keeping its head above water.  Photo: Hamish Clark. Securing the delivery of healthcare services in New Zealand faces many of the same challenges as in other mixed public / private health systems. Chronic under-funding of the public health system by government austerity measures is putting pressure on a system already overloaded. Net immigration to New Zealand is combining with a rapidly aging population that...

Read More

2017: A Milestone Year for UAE

The American Hospital Dubai. 2017 was a watershed year for healthcare providers in the United Arab Emirates. Joint ventures with US, UK, European and other healthcare partners saw the start or completion of a number of large hospital construction projects, vastly expanding the number of beds and types of procedures that can be conducted throughout the emirate. Partnerships with US-based Childrens' National Medical Center, The Cleveland Clinic,...

Read More

Beverly Hills Security Summit

Beverly Hills Security Summit CISO Forum. Photo: Tina Kitchen. What is it that keeps your CEO and Board up at night? How do you communicate cybersecurity risk to the Executive Leadership Team and the board, and do you talk to enterprise risk or just technology security risk? In planning to address ELT and board risk concerns, how are you going about the development of a security risk remediation plan? Have you considered the development...

Read More

Securing Health IT Value

Richard Staynings kicks off the VA HIMSS Annual Conference.  Photo: David Stewart. One of the fundamental conditions to deliver health IT value is security. Without it Health IT Systems cannot protect confidential data, validate the integrity of medical records, or ensure that clinicians can access IT systems in order to treat patients. The recent WannaCry attack that took out part of the British NHS, and other ransomware attacks that...

Read More

HITSecurity Forum

Richard Staynings, HIMSS Privacy & Security Committee. Photo: Tina Kitchen. ‘Security is an industry where we are continually developing new solutions without understanding the problem we are trying to fix’. This was the basis for a presentation I gave to the HIMSS Healthcare Security Forum today in Boston. Richard Staynings presents new security technologies. Photo: Malissa O'Rourke Miot. The session discussed the adoption...

Read More

Understanding Medical Device Security

The FDA recall of a medical device last week has caused a bit of a media storm as the general public scrambles to find out more. The fact that a medical device meant to help sustain life is insecure and could be hacked to kill a patient is alarming to all of us. More worrying is that the medical device subject to the recall, a cardiac rhythm management product, or “pacemaker” to the rest of us, is probably not an anomaly. Many other medical...

Read More