Network Infrastructure

Henry Ford Health makes bold IT restructuring to secure IoT and medical devices
By Bill Siwicki | 09:04 am | April 08, 2016
Security chief Meredith Phillips says the health system reorganized internally to more effectively manage and secure 60,000 medical and Internet of Things devices, and to strongly position itself to handle evolving threats, such as ransomware.
Tips for protecting hospitals from ransomware as cyberattacks surge
By Bill Siwicki | 07:59 am | April 06, 2016
It's now easier than ever for criminals to get into hospital networks, and ransomware is on the rise. Cybersecurity experts offer advice to help hospitals beat back the hackers.
Two new ransomware strains discovered, can spread even when offline
By Jessica Davis | 12:38 pm | April 04, 2016
The Samsam and Maktub Locker malicious code programs attack vulnerable patches and spread to all systems connected to a network.  
US, Canada issue joint ransomware alert, discourage paying cyber attackers
By Jessica Davis | 05:45 pm | April 01, 2016
The United States Department of Homeland Security and the Canadian Cyber Incident Response Center issued a joint cyber alert on March 31, in response to the recent surge in ransomware attacks on hospitals and other organizations.
Healthcare's newest security threat: PowerWare ransomware
By Jessica Davis | 12:27 pm | March 30, 2016
PowerWare is similar to the Locky virus in that it's delivered via email through a Microsoft Word document that resembles an invoice and locks down the system until the ransom is paid.
Latest cybersecurity threat, 'Locky,' spreads faster than any other virus
By Jessica Davis | 11:03 am | February 26, 2016
The same week the Hollywood Presbyterian attack was making headlines around the world,  another species of ransomware – aptly named "Locky" – was first observed in the wild.
HITRUST Common Security Framework certification could reduce cyber insurance costs
By Mike Miliard | 12:07 pm | February 23, 2016
Group joins with insurance broker Willis Towers Watson on new program.
IT managers are hacking their own systems, even in healthcare, survey finds
By Bernie Monegain | 11:21 am | February 18, 2016
A high percentage of IT workers admit to not following the same security protocols they are expected to enforce, according to a new survey conducted across the United States by Absolute, a Canadian security firm. In fact, 33 percent admitted to successfully hacking their own or another organization and 45 percent admitted to knowingly circumventing their own organization's security policies. "The big surprise for us in this survey is that the gatekeepers are really the gatecrashers," said Stephen Midgley, vice president of global marketing for Absolute. Moreover, he said, while the survey of IT department managers included several industries, the findings apply across the board, with healthcare no exception. [Also: Hollywood Presbyterian gives in to hackers, pays ransom] "Given that IT is the security gatekeeper for an organization, it was alarming to see such high incidents of non-compliant behavior by IT personnel," he said. "Even if these actions are being performed to validate existing infrastructure, senior leadership should be aware that this activity is occurring. It may also be worthwhile to consider third-party audits to ensure adherence with corporate security policies." IT decision-makers bear the brunt of responsibility. Of those surveyed, 78 percent said the organization's security is primarily IT's responsibility. The report also showed that 65 percent of IT decision makers believe they would likely lose their job in the event of a security breach. "The gaps in current data breach response plans and in upholding general best practice policies must be addressed," Midgley said. As he sees it, when it comes to security – especially in healthcare, but also in other sectors – there's an accountability divide. "That is a very precarious space for IT to be in," Midgley said. "They are tasked with data security, but aren't actually responsible for the device that contains that data.” "I think in healthcare it's magnified," he added, "because of HIPAA, HITECH, PHI. So, you can have all the security in place, but at the end of the day, IT is reliant on the employee to ensure security is implemented correctly. Yet, what we find is those very same employees try to find ways to circumvent the security policies that have been put in place." There's a lot of work for IT in terms of bridging that gap, he said, and recommended that organizations implement technology that is adapted to their environment that gives them complete visibility and control of the devices. Midgley mentioned the example of one healthcare entity that has a policy of automatically wiping data from any device – laptop, tablet or phone – that goes beyond a certain location. [Like Healthcare IT News on Facebook] "They assume that device has PHI on it," he said. "It's mitigating the risk of a data breach." The survey – which polled 501 U.S. adults who work in information security management roles in companies or organizations with 50 or more employees – found that security remains at the top of the IT spending list, with 87 percent of respondents expecting increased investment in security this year. Twitter: @HealthITNews
Hollywood Presbyterian gives in to hackers, pays $17,000 ransom to regain control over systems
By Henry Powderly | 10:33 pm | February 17, 2016
Ransomware attack had locked out administrators unless they agreed to the demand of 40 Bitcoins.
Report calls out weak FDA stance on medical device cybersecurity, favors stronger regulation
By Mike Miliard | 12:03 pm | February 17, 2016
Institute for Critical Infrastructure Technology says the feds should do more than just suggest safeguards.