Security News

The healthcare industry has significantly more exposed attack surfaces than any other industry surveyed, according to Censys's research findings of cloud risks and cloud maturity by industry, revealed at RSA Conference 2020. The healthcare industry showed significantly more exposed databases and more exposed remote login services.

"Phishing continues to be one of the primary breach vectors in the healthcare industry. It is cheap, effective and profitable to the cyber-criminal element," says Rich Curtiss, director of healthcare risk assurance services at security consultancy Coalfire. "Health records command a hefty price on the 'dark web' and are relatively easy to acquire through phishing attacks. Phishing is an organizational threat and not an IT problem. Addressing the threat must be a strategic imperative and, to be truly effective, must be part of the organizational culture."

Number of records exposed in healthcare breaches doubles. According to the findings, the total number of records breached more than doubled from 2018 to 2019.

As we enter the twenty-twenties, healthcare has separated from the pack and is, by a wide margin, the most cyber-targeted industry. The healthcare industry plays host to roughly 70% of all US data breaches.

As Head of Research at CyberMDX, Elad Luz gathers and analyzes information on a variety of connected healthcare devices in order to improve the techniques used to protect them and/or report about their security issues to vendors. Care critical devices that are directly connected to patients like infusion pumps, ventilation, anesthesia, patient monitoring and such obviously represent the most critical endpoints from a security perspective.

Cynerio announced the addition of the virtual segmentation capability to their platform. The Cynerio platform's new virtual segmentation capability automatically delivers safe and effective policies in a matter of weeks by customizing segmentation policy for every device type, limiting the attack surface, and ensuring clinical services remain intact.

Federal regulators are warning healthcare providers about six vulnerabilities in some of GE Healthcare's medical device systems that could allow attackers to remotely take control of the gear. The GE Healthcare product vulnerabilities are the latest example of the medical device cybersecurity challenges the healthcare sector faces.

Researchers have discovered six critical and high-risk vulnerabilities - collectively dubbed MDhex - affecting a number of patient monitoring devices manufactured by GE Healthcare. The flaws may, according to GE Healthcare, allow an attacker to make changes at the device's OS level that may render the device unusable or interfere with its function, make changes to alarm settings on connected patient monitors, and utilize services used for remote viewing and control of multiple devices on the network to access the clinical user interface and make changes to device settings and alarm limits, which could lead to missed, unnecessary, or silenced alarms.

Several potentially serious vulnerabilities have been found in patient monitoring products made by GE Healthcare, the DHS's Cybersecurity and Infrastructure Security Agency and healthcare cybersecurity firm CyberMDX revealed on Thursday. GE Healthcare has also inadvertently exposed SSH private keys, making it possible for hackers to remotely connect to devices and execute malicious code.

To ensure the highest levels of endpoint security across more than 8,000 devices and to help achieve HIPAA compliance in the face of rising data breaches across the healthcare industry, Apria Healthcare leverages Absolute, the leader in endpoint resilience, for comprehensive endpoint visibility and control. "Persistence [located] in the BIOS is the number one item that I think really sets Absolute apart from other companies touting that they can do asset tracking better," said Janet Hunt, Senior Director, IT User Support at Apria Healthcare.