The Maturity Paradigm

In healthcare we have an insatiable appetite to adopt new technology

What is the Cost of Loss?

Join Richard Staynings on The Segment: A Zero Trust Leadership Podcast as he explores the questions of 'Why is Resiliency so important?' 'What is Zero Trust?' and 'What is the Cost of Loss?' following a breach. Tune in to this 45-minute podcast as Richard Staynings and host Raghu Nandakumara discuss very topical cybersecurity issues and concerns for healthcare and other industries. ...

The Maturity Paradox

The healthcare industry has undergone a dramatic technological transformation over the past decade. From our frustrating interaction with a provider’s voice menu systems before we can speak with a human, to script-reading near-useless overseas call center staff that attempt to sort out medical billing problems, we have finally entered the digital era. Gone are the days of calling a provider; simply jump on the online provider web portal or open...

New Cybersecurity Testing Lab Opens in Cheltenham

A new cyber security laboratory has recently opened close to Cylera's UK offices in Cheltenham, and near GCHQ, the UK’s intelligence agency. The 5,200 sq ft lab plans to test IIoT, IoT, OT, ICS, SCADA and embedded devices which now make up a surprising percentage of connected endpoints. These devices are largely regarded by the profession as being inherently insecure and rarely patched against security vulnerabilities by their owners. The greatest...

NewsTALK

Today I had the privilege to fly to Dublin, Ireland and come into the studio at 6am for a strong cup of coffee with Joe Lynam, host of newsTalk Breakfast Business and to share a few thoughts on the growing problem of cyber-crime and the security of the Irish Health Services Executive. It's been two years since the Saint-Petersburg-based Wizard Spider / Trickbot attack that crippled the HSE resulting in severe disruption of health services across...

FDA Implements New Rules

The March 29th FDA rule changes for the acceptance of new medical devices are a long-awaited and major step in the right direction towards improving the security of medical devices. Finally, after more than a decade of pressure from cybersecurity leaders and healthcare providers, manufacturers of medical devices are to be held to a much higher standard of security design, manufacture, and support of the devices they produce and sell, or lease...

New FDA Rules Go Into Effect

Yesterday the FDA gave notice that as of Oct 1st it will “refuse to accept” medical devices and related systems unless they meet its new cybersecurity requirements which went into effect March 29th, 2023. These requirements are embodied in new FDA final guidance on its Refuse to Accept (RTA) policy relating to cybersecurity in medical devices, specifically for “Cyber Devices” as defined in the newly-amended FD&C Act (Section 524B). These...

What Security Professionals Need to Know About Safeguarding Medical Devices and Hospital IoT

Medical devices are becoming increasingly interconnected and vulnerable to cyber-attacks. As a security professional, it’s crucial that you understand the risks and how to safeguard these devices. Episode S5E3 of the Brilliance Security Magazine Security Podcast will provide an overview of the medical IoT landscape and critical considerations for protecting these devices. Listen in as Richard Staynings, Chief Security Strategist...

2023 Predictions

As 2022 draws to a close, what can we learn from a year marked by Russia's invasion of Ukraine, crippling cyber and kinetic attacks against critical infrastructure not just in Ukraine but across the world, and a continued rise in cyber attacks and ransomware globally? A year in which Russia, China and Iran have all become victims of cyber attacks, perhaps reaping the seeds sown by each of them in the past. And a year which saw the costs of...

The rising threat of Offensive AI

Various forms of artificial intelligence (AI) look set to transform medicine and the delivery of healthcare services as more and more potential uses are recognized, while adoption rates for AI continue to climb. Machine Learning (ML) has revolutionized clinical decision support over the past decade, as has AI enhancement of radiological images allowing the use of safer low-dose radiation scans. But AI, no matter in which form, requires massive...

RSNA 2022

Cybercrime against healthcare institutions has exploded in recent years. In 2021, more than 1 in 3 healthcare organizations reported being hit by ransomware. The situation has been considerably worsened by the pandemic, which produced a triple threat for healthcare systems: a rapid expansion of internet-connected technologies and services causing an expanded attack surface, an increase in many types of cyberattacks, and fewer available...

ISfTeH

Richard Staynings with Michele Griffith MD, President of ISfTeH. The 'International Society for Telemedicine & eHealth' held its annual conference in San Jose, CA today and the author was proud to be invited to speak on the subject of 'cybersecurity as an enabler of new remote medical services'. Remote patient services, whether telehealth consults with a primary care physician, post-operative recovery from home to free up needed hospital...

Are Your Vendors Introducing Risk?

Cyber risks in healthcare are not just confined to data centers, to nursing stations, or to the PHI data that flows back and forth between health insurers, HIEs, government agencies, and patients. The risk matrix is much bigger than that. It includes thousands of suppliers, vendors, and partners that stretch across the globe. Everything from business process and IT outsourcers in India, to complex manufacturing supply chains for medical...

Mitigating NHS Cyber Risks

The UK National Health System is about to start connecting many of its medical devices to the healthcare network as part of its latest efficiency drive, but what does this mean for the cybersecurity of medical networks and to patient safety? Richard Staynings examines medical devices, their expected lifespan, risks and support by manufacturers and explores what solutions are available to providers like the NHS to reduce cybersecurity risks....

Gulf Critical Infrastructure: Protecting What Matters Most

Richard Staynings with Padam Kafle, Head Of Information Technology & Automation, Aster Hospitals, UAE, Nada Chehab, Director of Clinical Education, American Hospital Dubai, Dr Mustafa Hasan Qurban Ph.D, CIO of King Fahd Military Medical Complex, Saudi Arabia, Ahmad Yahya, CIO, American Hospital Dubai, & Himanshu Puri, CIO, Kings College Hospital London UAE. Protecting GCC critical infrastructure industries...

Ransomware Gang Demands $10m to restore French Hospital

The Center Hospitalier Sud Francilien (CHSF), a 1000-bed hospital located in Corbeil-Essonnes 28km SE from the center of Paris, has been virtually paralyzed by a cyberattack. Nearly all IT systems appear to have been taken off-line by a ransomware attack discovered on August 21, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries. Non-critical services have had to be directed...

NHS 111 Services Held to Ransom by Cyber Attack

NHS 111 services are down for much of the UK following a cyber-attack Thursday morning against the infrastructure of software vendor 'Advanced'. The company's Adastra system is used by call handlers to dispatch ambulances, to book urgent care appointments, and for out of office hours emergency prescriptions. Its Caresys software is used extensively across more than 1,000 care homes, while Carenotes, Crosscare and Staffplan are used extensively...