Privacy & Security

Cybersecurity experts from across health IT offer their opinions on the breach itself, what must be done for the lab company to fix security and regain trust – and how similar incidents can be avoided across healthcare.

The unauthorized access also included Social Security numbers, credit card data and banking information – but not laboratory results, the company said.

The retailer joins other big players such as AmerisourceBergen, McKesson and Pfizer in the effort to use distributed ledger technology for medication safety and integrity.

The Department of Justice charged Coffey Health System with failing to conduct the risk analyses required by the Medicare and Medicaid EHR Incentive Programs.

The Medical Group Management Association also has concerns about security risks that might be associated with the proposed rules, and says they go "too far, too fast."

The wide array of connected devices means "lot of different stakeholders that need to coordinate," on both the clinical and IT side. That requires "process and due diligence."

Research from Digital Shadows found imaging files particularly vulnerable.

The Auditor-General determined that deficiencies exist in the region’s public health digital record systems that make them “highly vulnerable.”  

You can't secure a network that you don't understand. Mapping hospital IoT is a must-do process for the creation of an effective defense strategy, experts say.

The risk is that with so many access points, there is the high potential for exfiltration of data, especially those consciously or unconsciously occurring because of vulnerabilities with privileged escalation— which is administrative-level access to all kinds of vital data about patients and the organization.