Jessica Davis

To Health2047’s Lúcia Soares, the political climate has increased awareness around challenges and highlighted work that remains due to unconscious bias.

To Wolters Kluwer executive Cathy Wolfe, the shift into value-based care requires lifelong learning bolstered by new technologies that will prepare them for the evolving tech landscape.

As Watson has undergone close scrutiny over the past year, leader Deborah DiSanzo is moving to IBM Cognitive Solutions' strategy team.

The issues shared during an Oct. 18 state senate meeting mirror those the healthcare sector faces: a lack of resources and an onslaught of attacks make it nearly impossible to keep up.

While the two federal agencies have worked together on vulnerability disclosures in the past, a new memorandum of agreement will improve coordination.

Part three in our cyber insurance series highlights red flags and common mistakes to avoid when shopping for a cyber policy.

While healthcare organizations are better understanding and investing in cybersecurity needs, hackers are keeping pace -- and then some, according to a panel of CISOs at the HIMSS Security Forum in Boston.

The Food and Drug Administration issued a cybersecurity alert on two Medtronic devices that could allow a hacker to hijack the software update process to change the device’s function. Medtronic disabled the online software update to eliminate the flaw. IMPACT Following a review of potential security vulnerabilities around the internet connection, the FDA found 34,000 CareLink cardiac implantable electronic devices are at risk. If exploited, a hacker could change the programmer’s functionality or the device itself during the implantation or follow-up visits. The flaw is found in the internet connection between the CareLink 2090 and Encore 29901 Programmers, used for downloading software from Medtronic’s Software Distribution Network. The programmers are used by providers to adjust the cardiac device settings and collect locally stored data. While software updates typically include new software for the programmer functionality and updates to the implanted device firmware through a virtual private network, the programmers don’t verify they’re still connect to the VPN before downloading the updates. As a result, attempting to update the program through the internet connection will result in an error message. Medtronic updated its network, which was approved by the FDA on Oct. 5. The fix will intentionally block the currently existing programmer from accessing the Medtronic SDN. The vendor is continuing to implement security updates to further address the flaw. The FDA recommends providers continue to use the programmers, as network connectivity isn’t required for normal CIEF programming. Further, providers should not attempt to update the programmer through the SDN, which is no longer available. Future updates are currently only available through Medtronic with a USB update. THE TREND Medical device vulnerabilities are well-known, and vulnerability reporting by vendors have increased 400 percent per quarter since the FDA released its cybersecurity guidance in 2016. However, the increase in FDA alerts is meant to further improve cybersecurity, rather than to shame the vendor. Medtronic has reported several vulnerabilities in recent years, as has Philips, Abbott and a host of others. .jumbotron{ background-image: url("http://www.healthcareitnews.com/sites/default/files/u2231/cybersecurity-jumbotron-712.jpg"); background-size: cover; color: white; } .jumbotron h2{ color: white; } Focus on Cybersecurity In October, we take a deep dive into security strategy and pressing threats. Twitter: @JF_Davis_ Email the writer: jessica.davis@himssmedia.com

For more than a month, two separate employee accounts were compromised by the cyberattacks before the IT department discovered the hack.

The two nonprofit health IT groups hope to strengthen public-private partnerships and advance policy, starting by collaborating on the next Health Datapalooza.