dismiss

Clean Sweep Live Auction on Wed. May 1st. Click to view the full inventory

DOTmed Home MRI Oncology Ultrasound Molecular Imaging X-Ray Cardiology Health IT Business Affairs
News Home Parts & Service Operating Room CT Women's Health Proton Therapy Endoscopy HTMs Pediatrics
SEARCH
Current Location:
>
> This Story


Log in or Register to rate this News Story
Forward Printable StoryPrint Comment
advertisement

 

advertisement

 

Health IT Homepage

VisualDx to develop decision support platform for ultrasound in space Provide basic guidance on ultrasound interpretation

HHS releases second draft of TEFCA for nationwide interoperability Requirements for sharing electronic health information

Want to reduce readmissions? Let’s start with keeping patients healthier Insights from Robin Hill, chief clinical officer at Vivify Health

Decision support software could reduce scans by 6 percent: MIT researchers Prevent overuse of powerful and costly imaging exams

CMS to add more telehealth benefits to Medicare Advantage plans Aiming for greater flexibility, lower costs

Fredrik Palm ContextVision appoints new CEO

Trice Imaging connects imaging devices of large chain healthcare provider Aleris Patients and physicians can view images on laptops, cell phones

Three recommendations to better understand HIPAA compliance Approximately 70 percent of organizations are not HIPAA compliant

Researchers orchestrate malware attack to expose imaging vulnerabilities Deceived radiologists and AI algorithms into misdiagnoses

How hyper-targeting patient communications can improve medication adherence Providing specific messages can make a world of difference

Kristopher Kusche says providers focus too
much on meeting regulations and not
enough on ensuring if their security
systems are efficient

At HIMSS, lessons from the front lines of the WannaCry cyber attack

by John R. Fischer , Staff Reporter
Four minutes after an initial alert from NYSIC-CAU, Albany Medical Center received another from its anti-malware security vendors, prompting it to initiate a series of protective actions; from IDS/IPS network address and file blocking, to network traffic pattern block rules, to the patching of servers and medical devices.

The date was Friday, May 12, 2017, the first of four days that saw more than 300,000 computers worldwide infected by the WannaCry Ransomware attack. In recounting the experience, Kristopher Kusche, vice president and chief information security officer at AMC, told a group of onlookers at HIMSS 2018, at the Sands Expo and Convention Center in Las Vegas, that health care providers should expect more trouble on the horizon.

Story Continues Below Advertisement

THE (LEADER) IN MEDICAL IMAGING TECHNOLOGY SINCE 1982. SALES-SERVICE-REPAIR

Special-Pricing Available on Medical Displays, Patient Monitors, Recorders, Printers, Media, Ultrasound Machines, and Cameras.This includes Top Brands such as SONY, BARCO, NDS, NEC, LG, EDAN, EIZO, ELO, FSN, PANASONIC, MITSUBISHI, OLYMPUS, & WIDE.



“Because of our position and because of the way we have elaborated our infrastructure not to keep up with sectors like banking, we have become targets, accidental targets,” he said during his presentation, Getting Ready for the Next International Cyber-⁠attack. “There’s not one federal agency that will say that health care was in the attack vector on these things. We weren’t in the plan. These things wouldn’t have targeted us, which kind of makes it a little more difficult because these things were random. Now, we have to protect against everything because we’re not the target, we’re not the target of this stuff. But where somebody finds a hole, they take advantage of it. That’s what happened at AMC.”

Health care accounted for 28 percent of all breaches in 2017; more than any sector, with 374 reported in total, and an impact on more than 5.1 million patient records.

Though AMC addressed its attack in a matter of hours, Kusche says the lack of education of staff, as well as inadequate PHP policies, open network ports, lack of encryptions, and inadequate solutions for internal defense have made providers and health systems vulnerable to the same fate.

To prevent the occurrence of this, he advises that organizations create their own cybersecurity framework (CSF), broken down into a series of necessities from workforce security to threat monitoring and assessment.

An effective CSF he says should be simple enough for staff to understand and execute, having backing from leaders, such as CIOs and boards; and should be compared to maturing models, such as the NIST cyber framework, for improvement. “It tells us where we are at in implementing and maintaining our security programs.”

The most basic step in a CSF is risk assessment, carried out by keeping an inventory of any issues that pose a risk with the end result being the creation of a risk registry that lists any issues an organization formally recognizes and plans to address by a certain point.
  Pages: 1 - 2 >>

Health IT Homepage


You Must Be Logged In To Post A Comment

Advertise
Increase Your
Brand Awareness
Auctions + Private Sales
Get The
Best Price
Buy Equipment/Parts
Find The
Lowest Price
Daily News
Read The
Latest News
Directory
Browse All
DOTmed Users
Ethics on DOTmed
View Our
Ethics Program
Gold Parts Vendor Program
Receive PH
Requests
Gold Service Dealer Program
Receive RFP/PS
Requests
Healthcare Providers
See all
HCP Tools
Jobs/Training
Find/Fill
A Job
Parts Hunter +EasyPay
Get Parts
Quotes
Recently Certified
View Recently
Certified Users
Recently Rated
View Recently
Certified Users
Rental Central
Rent Equipment
For Less
Sell Equipment/Parts
Get The
Most Money
Service Technicians Forum
Find Help
And Advice
Simple RFP
Get Equipment
Quotes
Virtual Trade Show
Find Service
For Equipment
Access and use of this site is subject to the terms and conditions of our LEGAL NOTICE & PRIVACY NOTICE
Property of and Proprietary to DOTmed.com, Inc. Copyright ©2001-2019 DOTmed.com, Inc.
ALL RIGHTS RESERVED