Friday, April 01, 2016

Cyber Security Seems To Be Attracting A Lot Of Attention In The Health Sector This Week!

First we had this appear:

US hospital pays $24k ransom after cyber attack locks medical records

Date February 19, 2016

Justin Wm. Moyer

The eighth and final budget is announced by President Barack Obama, and it includes a $19 billion boost in cyber security funding aimed at replacing insecure and 'downright ancient' systems.
Not too long ago, taking the United States' wild, messy, unreliable system of medical records online seemed like a worthy goal.
"To improve the quality of our health care while lowering its cost, we will make the immediate investments necessary to ensure that, within five years, all of America's medical records are computerised," President Obama said. "This will cut waste, eliminate red tape and reduce the need to repeat expensive medical tests."
While the shift Obama and many others pushed may have improved care, electronic medical records led to quite the unique hostage situation in Los Angeles this week. There, a hospital fell prey to a cyberattack — and has escaped its plight by paying hackers a $US17,000 ($23,740) ransom.
Allen Stefanek, president and chief executive of Hollywood Presbyterian Medical Center, explained the situation in a statement.
"On the evening of February 5th, our staff noticed issues accessing the hospital's computer network," he wrote. "Our IT department began an immediate investigation and determined we had been subject to a malware attack. The malware locked access to certain computer systems and prevented us from sharing communications electronically."
What communications needed to be electronically shared? As Stefanek pointed out a few paragraphs later, medical records. As reports emerged of the hospital being forced to resort to the pre-historic days of paper charts, at least one patient was feeling the pain.
"I wasn't feeling very well, went in for a checkup and they said their computers were down," patient Melissa Garza told Fox 11 last week. "I asked, 'What's going on here?' and they said we were hacked."
Lots more here:

Second we have this:

Alert raised over cyber attacks on medical devices

Jo Hartley | 23 March, 2016
The Australian Prime Minister falls to the floor clutching his chest as cybercriminals play power games with his pacemaker. A final flip of the remote and he’s dead.
It makes for gripping TV, but could this Homeland scene really happen?
Yes, says cybersecurity expert Dr Robert Merkel (PhD), an IT researcher at Monash University, Melbourne.
Dr Merkel is speaking with Australian Doctor following the release of a TGA alert advising medical device makers and hospitals to carry out IT assessments to determine the risk of cyber attack.
The warning covers devices from PET scanners to life support machines.
Of particular concern are wireless heart monitors, infusion pumps and other medication-dispensing equipment that connects to the internet, as potential hackers can operate them remotely.
“Although there have been no reports of hacking attacks on medical devices in Australia, there have been reports of such attacks overseas,” the TGA says.
“Cybersecurity experts in Australia have demonstrated a wide range of potential vulnerabilities in simulated attacks,” it adds.
Dr Merkel agrees the opportunity to hack medical devices is real, especially for the growing number of internet-connected devices.
Few ‘cybercrims’ would go to the effort of hacking a wireless device they had to be within 100 metres of, he says, but “if it is connected to the internet, then anyone in the world has the potential for easy access”.
More here:
It’s hard to say much more than to point the risks out and hope everyone in the sector can take sensible steps to minimise risks. There is clearly great pain to be felt if people are not successful!

1 comment:

Bernard Robertson-Dunn said...

Talking about risks, there's a Privacy Impact Assessment Report of 20 May 2015, available on the My Health Record website


As part of the "Implementation of Opt-Out Model", under the Government Announcement phase it says:

"A public awareness campaign will be implemented, directed at the public at large as well as special interest groups."

Has anyone seen a publicity campaign aimed directly at the public? One that informs consumers of the potential risks of the system; explains who might have valid reasons for opting out; what little control people actually have over who can see what's in their record, etc etc.

People I have spoken with in the Blue Mountains trial area have never heard of such a thing.