healthcare technology

Cybersecurity attacks on Healthcare and Public Health (HPH) critical infrastructure, such as healthcare delivery organizations (HDOs), are occurring with greater frequency.  Disruptions in clinical care operations can put patients at risk.

Securing critical infrastucture is a shared responsibility across many stakeholders, and with respect to medical
devices the primary stakeholders are FDA, Medical Device Manufacturers (MDMs), and HDOs.

 

A common preparedness and response challenge FDA heard from its stakeholders in the aftermath of the aforementioned attacks is that

• HDOs did not know with whom to communicate (e.g. MDM-HDO interactions);
• what actions they might consider taking;
• and what resources were available to aid in their response.

 

Without timely, accurate information and incorporation of medical device cybersecurity into their organizational emergency response plans, it was difficult for HDOs to assess and mitigate the impact of these attacks on their medical devices.

 

To address this unmet need, the MITRE team (with the support of FDA), engaged with a broad distribution of stakeholder groups to understand the gaps, challenges, and resources for HDOs participating in medical device cybersecurity preparedness and response activities.

 

Their efforts resulted in the creation of this playbook that may serve as a resource for HDOs.

 

The playbook provides a stakeholder-derived, open source, and customizable framework that HDOs may choose to leverage as a part of their emergency response plans in order to ultimately limit disruptions in continuity of clinical care as well as the potential for direct patient harm stemming from medical device cyber security incidents.

 

The link to the PDF of the first version of the playbook -> https://www.mitre.org/sites/default/files/publications/pr-18-1550-Medical-Device-Cybersecurity-Playbook.pdf

 

America’s medical records systems are flirting with disaster, say the experts who monitor crime in cyberspace. A hack that exposes the medical and financial records of hundreds of thousands of patients is coming, they say — it’s only a matter of when.

As health data become increasingly digital and the use of electronic health records booms, thieves see patient records in a vulnerable health care system as attractive bait, according to experts interviewed by POLITICO. On the black market, a full identity profile contained in a single record can bring as much as $500.

“What I think it’s going to lead to, if it hasn’t already, is an arms race between the criminal element and the people trying to protect health data,” said Robert Wah, president of the American Medical Association and chief medical officer at the health technology firm CSC. “I think the health data stewards are probably a little behind in the race. The criminal elements are incredibly sophisticated.”

The infamous Target breach occurred last year when hackers stole login information through the retailer’s heating and air system. Although experts aren’t sure what a major health care hack would look like, previous data breaches have resulted in identity and financial theft, and health care fraud.

Significant breaches are already occurring. Over the course of three days, hackers using a Chinese IP address infiltrated the St. Joseph Health System in Bryan, Texas, and exposed the information of 405,000 individuals, gaining names, address, Social Security numbers, dates of birth and other information.

It was the third-largest health data breach tracked by the federal government.

The L.A. Gay & Lesbian Center reported late last year that hackers attacked its computer systems over a course of two months trying to steal credit card, Social Security and other financial information. About 59,000 clients and former clients were left vulnerable.

While a stolen credit card or Social Security number fetches $1 or less on the black market, a person’s medical information can yield hundreds of times more, according to the World Privacy Forum. Thieves want to hack the data to gain access to health insurance, prescription drugs or just a person’s financial information

The Identify Theft Resource Center — which has identified 353 breaches in 2014 across industries it tracks, says almost half occurred in the health sector. Criminal attacks on health data have doubled since 2000, according to the Ponemon Institute, an industry leader in data security.

Health care is the industry sector least prepared for a cyberattack, according to security ratings firm BitSight Technologies. The industry had the highest volume of threats and the slowest response time, leading the FBI in April to issue a warning to health care providers.

Read more: http://www.politico.com/story/2014/07/electronic-health-records-theft-108856.html#ixzz37SDFnUKa