Thursday, May 23, 2019

Healthcare needs to adopt zero trust strategy and software-defined perimeters

Brigadier General Gregory Touhill (ret.)
Brigadier General Gregory J. Touhill (ret.), CISSP, CISM, serves as President of Cyxtera Federal Group, which offers data center services and cybersecurity capabilities to federal agencies and departments. Prior to retiring, Brigadier General Touhill served as a U.S. Air Force officer and combat veteran in several commands around the world including U.S. Transportation, Central, and Strategic Commands, and led the creation of the Air Force’s cyberspace operations training programs. He was appointed by President Barack Obama as the nation’s first-ever Federal Chief Information Security Officer in 2016, where he was responsible for ensuring that the proper set of digital security policies, strategies and practices were adopted across all government agencies. He is a sought-after speaker and author within the information technology industry, where he is best known for his “Cybersecurity for Executives: A Practical Guide,” which is used widely at colleges and universities across the country. He is also a faculty member at Carnegie Mellon University’s Heinz College, where he teaches Cyber Risk Management. PARCA eNews spoke with him about cyberthreats to healthcare.

Forescout report finds healthcare IT cybersecurity lacking

PARCA eNews – May 15, 2019 – In a survey of more than 430,000 devices on 1500 medical virtual local area networks (VLANs), Forescout Technologies found that healthcare IT continues to increase in diversity while too many networks continue to rely on legacy Windows operating systems and lack sufficient segmentation strategies.

Forescout Technologies, a provider of device visibility and control services for large enterprises and government agencies, issued its report of healthcare cybersecurity May 15, 2019.

Top cybersecurity challenges in healthcare

PARCA eNews – May 17, 2019 – A survey commissioned by Infoblox to see what has changed in the two years since WannaCry shows healthcare IT organizations are very confident in their ability to respond to cyber attacks.

Infoblox is a network security company specializing in DDI with its Secure Cloud-Managed Network Services. The company commissioned the survey to follow up on its survey last year to look into how healthcare organizations are adapting to protect themselves from cyber threats.

The new survey found that healthcare industry leaders have taken notice of major events such as WannaCry and have gone as far as to make cybersecurity a leading priority.  

The research revealed: 

April sets record for healthcare breaches

PARCA eNews – May 22, 2019 – Nearly 700,000 healthcare records may have been compromised in 44 data breaches reported to the Office for Civil Rights in April 2019, making it the highest total number of breaches ever reported in a month since OCR began issuing its breach report in 2014.

HHS revises penalty table for HIPAA violations

PARCA eNews – April 30, 2019 – The Department of Health and Human Services (HHS) issued a change regarding civil penalties for HIPAA violations as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act.

Under the current regulation, penalties for HIPAA violations are levied on four tiers, ranging from 1-4, based on the covered entity's level of knowledge of the breach:

OCR issues warning for APT and zero-day exploits

PARCA eNews – April 9, 2019 – The Office for Civil Rights (OCR) warned HIPAA covered entities about advanced persistent threat (APT) attacks and zero-day exploits in its Spring 2019 Cybersecurity Newsletter.

The newsletter points to the dangerous combination of APT and zero-day attacks that can threaten data all over the world.

Patch Tuesday: Microsoft, Adobe and Apple release security patches

PARCA eNews – May 14, 2019 – Microsoft released patches for 79 security flaws in its May 2019 Patch Tuesday update.

Two of the most significant patches involved a zero-day vulnerability and a security advisory for dealing with the latest wave of Intel CPU flaws that came to light only a few hours before the patch release.

DHS identifies vulnerability for Philips Tasy EMR, issues advisory

PARCA eNews – April 30, 2019 – The Department of Homeland Security issued an advisory to users of the Philips Tasy electronic medical records system on April 30, 2019. The advisory noted that the EMR system was vulnerable to low-skill-level exploitation and outlined steps users can take to mitigate the problem.

Philips Tasy EMR is a comprehensive healthcare informatics solution that integrates all areas of the healthcare environment, connecting clinical and non-clinical domains within a hospital system.

HIMSS redefines interoperability

PARCA eNews – April 28, 2019 – One of the major changes that came out of the HIMSS19 annual meeting last February was an effort to redefine what interoperability really means.

The organization produced a proposed definition and invited comment from industry professionals.