The Maturity Paradigm

In healthcare we have an insatiable appetite to adopt new technology

New Zealand Healthcare - Just Keeping its Head Above Water!

New Zealand Healthcare - Just keeping its head above water. Photo: Hamish Clark. Securing the delivery of healthcare services in New Zealand faces many of the same challenges as in other mixed public / private health systems. Chronic under-funding of the public health system by government austerity measures is putting pressure on a system already overloaded. Net immigration to New Zealand is combining with a rapidly aging population that...

2017: A Milestone Year for UAE

The American Hospital Dubai. 2017 was a watershed year for healthcare providers in the United Arab Emirates. Joint ventures with US, UK, European and other healthcare partners saw the start or completion of a number of large hospital construction projects, vastly expanding the number of beds and types of procedures that can be conducted throughout the emirate. Partnerships with US-based Children's National Medical Center, The Cleveland Clinic,...

Beverly Hills Security Summit

Beverly Hills Security Summit CISO Forum. Photo: Tina Kitchen. What is it that keeps your CEO and Board up at night? How do you communicate cybersecurity risk to the Executive Leadership Team and the board, and do you talk to enterprise risk or just technology security risk? In planning to address ELT and board risk concerns, how are you going about the development of a security risk remediation plan? Have you considered the development...

Securing Health IT Value

Richard Staynings kicks off the VA HIMSS Annual Conference. Photo: David Stewart. One of the fundamental conditions to deliver health IT value is security. Without it, Health IT Systems cannot protect confidential data, validate the integrity of medical records, or ensure that clinicians can access IT systems in order to treat patients. The recent WannaCry attack that took out part of the British NHS, and other ransomware attacks that...

HITSecurity Forum

Richard Staynings, HIMSS Privacy & Security Committee. Photo: Tina Kitchen. ‘Security is an industry where we are continually developing new solutions without understanding the problem we are trying to fix’. This was the basis for a presentation I gave to the HIMSS Healthcare Security Forum today in Boston. Richard Staynings presents new security technologies. Photo: Malissa O'Rourke Miot. The session discussed the adoption...

Understanding Medical Device Security

The FDA recall of a medical device last week has caused a bit of a media storm as the general public scrambles to find out more. The fact that a medical device meant to help sustain life is insecure and could be hacked to kill a patient is alarming to all of us. More worrying is that the medical device subject to the recall, a cardiac rhythm management product, or “pacemaker” to the rest of us, is probably not an anomaly. Many other medical...

FDA announces first-ever recall of a medical device due to cyber risk

This week, the FDA took the unprecedented step of recalling a medical device – a pacemaker – because it was found to be vulnerable to cyber threats. The recall arose from an investigation by the FDA in February that highlighted a number of areas of non-compliance. While there are no known reports of patient harm related to the implanted devices affected by the recall, the step was taken as a preventative measure. A firmware update...

Threats and Response to Healthcare Cyber Attack

Nearly everything is now connected. We live, work and treat patients today in a world of inter-connectivity, where almost every thing, business and person is connected more or less all of the time. A world where in 2008, the number of ‘things’ connected to the Internet surpassed the global human population. A world in which by 2020 there will be in excess of 30 billion smart 'connected' devices. It should be no surprise then to any of us, that...

2017 Midyear Cybersecurity Report

Cisco released its 2017 Mid Year Cybersecurity Report today, outlining security trends over the past six to twelve months, and providing valuable research into the antics of cyber criminal elements. As in previous Cisco annual or midyear security reports, threats and attack vectors continue to evolve, with bad actors adding new and ever-more sophisticated spins to their exploits. The report identifies a new trend of what Cisco has coined 'DeOS'...

NH-ISAC Spring Conference

Richard with Mike Freeman and Chad Spiers from Sentara Health. Thanks to everyone who attended the NH-ISAC Spring Conference in Orlando. Great to see such amazing thought leadership and lots of very useful information being shared. What a great place to network. Look forward to the next one. Richard with David Anderson from Adventist Health. Grand Rounds Breakout Session led by Paul Singleton of the Cisco Umbrella Team ...

CCPL

Richard Staynings presents at the Canadian Conference on Physician Leadership. The challenges faced by Canadian healthcare in protecting the confidentiality, integrity and availability of the health and personal data of Canadian patients are great. But so too is the job of ensuring that healthcare IT systems and other critical infrastructure remain available to treat patients in today's IT-centric health delivery model, where system outages possibly...

A Slippery Slope?

Like many cybersecurity professionals, I was somewhat pleased to finally read about the sentencing of convicted Russian cybercriminal Roman Seleznev to 27 years imprisonment by a US court. While this sets a new precedent in the sentences handed out to cybercriminals, many of whom have cost banks and retailers billions of Dollars, Pounds and Euros in losses, and forced other businesses to close up shop entirely, the case raises some interesting...

Securing Medical Devices - The Need for a Different Approach - Part 2

This is a two-part story. The first part can be read here. I recently met with the CIO and CISO of a large US healthcare system to chat about how the system was going about securing its 350,000 network-attached medical devices. They were busy assessing and profiling all of the disparate devices from a multitude of different vendors that the pre-merger, independent hospitals had purchased over the past twenty years or so. The Health System...