Archive for the ‘healthcare’ Category

UPS plans to deliver vaccine-toting nurses to your doorstep

March 22nd, 2019
A United Parcel Service Inc. (UPS) logo is displayed on the door of a truck (credit: Getty | Bloomberg)

UPS is crossing the threshold into healthcare, with plans for a new service that will deliver vaccine-toting nurses to customers' doorsteps.

A test for the new service is scheduled for later this year, but UPS didn’t name where it will take place or which vaccine it will offer, only saying that it would be an immunization for adults against a viral illness. Vaccine-maker Merck & Co is reportedly considering partnering with UPS on the service.

News of the plan was first reported by Reuters. Ars confirmed the report with UPS, but a UPS spokesperson specifically working on the project did not immediately get back to us. This post will be updated with any additional information we receive.

Posted in amazon, delivery, healthcare, logistics, nurses, science, ups, vaccines

“Disruptive” Bezos healthcare venture accused of copying competitor

January 25th, 2019
Jeff Bezos, founder and chief executive officer of Inc. (credit: Getty | Bloomberg)

Jeff Bezos and fellow billionaire CEOs Warren Buffett and Jamie Dimon teamed up last year to form a healthcare company they hoped would shake up the country’s pricey and bloated health industry. But, gripped by a new lawsuit, the still-unnamed fledgling venture may be heading for a shakeup of its own.

A UnitedHealth Group subsidiary called Optum filed a lawsuit in Massachusetts District Court in Boston last week, alleging that its former executive, David Smith, has breached his noncompete agreement and is divulging invaluable trade secrets to the Bezos, Buffett, and Dimon startup. Last month, Smith accepted a high-level position at the startup, which Optum calls “ABC” in the lawsuit (a nickname that refers to the three founders’ companies, Amazon, Berkshire Hathaway, and JPMorgan Chase, respectively).

Optum’s complaint (PDF) does not list ABC as a defendant (only Smith), but it takes a few swipes at the company. Specifically, it accuses ABC of trying to steal its thunder as a technology- and analytics-driven venture that works to improve healthcare quality and efficiency while reducing costs.

Posted in amazon, bezos, healthcare, lawsuit, Noncompete clauses, Policy, science, theft of trade secrets, trade secrets, Warren Buffett

Scanners to be patched after government warns of vulnerabilities

August 9th, 2017

Siemens says that there’s no evidence its scanners have been compromised – but the patches will be ready by the end of the month

Posted in healthcare, IoT, medical devices, Security threats, Siemens, Vulnerability

June 28, 2017 – Hack Naked News #131

June 30th, 2017

DoD networks have been compromised, the Shadow Brokers continue their exploits, a Pennsylvania healthcare system gets hit with Petya, and more. Jason Wood of Paladin Security joins us to discuss nations’ offensive technical strengths and defensive weaknesses on this episode of Hack Naked News! Doug’s Stories: — Shadowbrokers continue their exploits by planning to dox […]

The post June 28, 2017 – Hack Naked News #131 appeared first on Security Weekly.

Posted in DOD, Hack Naked News, healthcare, Jason Wood, Paladin Security, Pennsylvania, Petya, shadow brokers

Preparing for GDPR – Navigating a Perfect storm in Healthcare

June 28th, 2017

This is the fifth in a series of blog posts designed to help enterprise security and business executives prepare for GDPR throughout 2017

Recent ransomware incidents have put a spotlight firmly on the state of security within healthcare and there’s a perception that this industry is trailing others. Is that fair?

If we look at data loss prevention (DLP), which is particularly relevant with GDPR now less than a year away, then the 2016 Data Protection Benchmark Study from the Ponemon Institute, sponsored by McAfee, sheds some light. It puts healthcare “running about six months behind other industries” in terms of DLP deployment length and maturity.

And that’s important, not just because healthcare can be a matter of life and death, but because of the value of that particular data. Ponemon puts an average value of $355 on each patient record.

Meanwhile healthcare comes in second to only financial services in Verizon’s 2017 Data Breach Investigations Report, accounting for 15 per cent of all breaches.

So is this a perfect storm? On the one hand GDPR will mean significant penalties and a consistent framework to adhere to, while on the other hand the bad guys see an industry with valuable data that could be better protected.

Intel’s recent research, of 88 healthcare and life sciences organisations spanning nine countries, highlights a staggering range in readiness for attacks by ransomware, for example, judging by the number of relevant security capabilities these organisations have in place. It may seem strange to connect a discussion on GDPR and ransomware but it makes sense. What is ransomware if not a denial of service against data and how can you be sure that attackers can’t access the data they just encrypted? If you can’t stop the ransomware in the first place, there is a good chance you can’t stop the exfiltration in the next phase of the attack.

However, there are sensible steps the healthcare industry can take to become GDPR-ready. For these causes of data loss in healthcare, for example, Verizon’s report recommends specific actions:

Miscellaneous errors – which in 76 per cent of cases are embarrassingly pointed out by a customer – Have, and enforce, a formal procedure for disposing of anything that might contain sensitive data. And establish a four-eyes policy for publishing information.

Physical theft and loss – Encrypt wherever possible data at rest and establish handling procedures for printing out sensitive data.

Insider and privilege misuse – Implement limiting, logging and monitoring of use, and watch out for large data transfers and use of USB devices.

(Source: Verizon 2017 Data Breach Investigations Report.)

We would more broadly add that you can’t protect what you can’t detect. Visibility is key. As the Ponemon research put it, DLP solutions should cover data at rest, in processing and in motion, on the corporate network, endpoints and clouds. They form the basis of a good data security programme. Adequate staffing is also important and while automation and machine learning will help, they cannot replace staff entirely.

Some final guidance: Organisations can protect their sensitive data and be more likely to be GDPR-ready by taking these five critical steps:

  • Conduct an Impact and Readiness assessment
  • Review current data security programme to ensure you can prevent accidental and malicious data theft attempts
  • Assess application and DevOps security controls and procedures
  • Review your use of cloud infrastructure and software-as-a-service to minimise exposure to data loss
  • Develop specific data breach detection and response capability in the SOC

The post Preparing for GDPR – Navigating a Perfect storm in Healthcare appeared first on McAfee Blogs.

Posted in GDPR, healthcare, Safeguard Data, safeguard vital data

Healthcare CERT warns about ‘Mole’ ransomware – what you need to know

April 25th, 2017

More ransomware: this one changes your file extensions to .MOLE, thus the name.

Posted in healthcare, Mole, ransomware, SophosLabs

Stop Losing Sleep over Compliance Audits

November 8th, 2016

Regulations take many forms, depending upon the industry, the region, and the type of data being protected, but one thing is consistent among them: regulators frown on poor data-protection practices. Compliance can be a chore, and many organizations try to minimize the pain by taking a “one and done” approach. They go through all the necessary steps once and then walk away, assuming the job is done.

Unfortunately, cyber criminals don’t agree. Their tactics are always changing, as are the types of data they seek to steal.

HIPAA Revisited

Take healthcare records. It’s safe to say that when U.S. healthcare organizations implemented the Health Insurance Portability and Accountability Act (HIPAA) compliance plans a decade ago, they didn’t expect that these records would become such a hot commodity. And until recently criminals didn’t bother much with them, preferring to pilfer credit card and bank account numbers instead. But as financial institutions have turned up their defenses, crooks have discovered that there’s gold in medical data and even an entire hidden data economy for stolen medical data.

More than 100 million healthcare records were stolen last year, an 11,000% increase over 2014. It turns out that those data troves often contain Social Security numbers, credit card data, and insurance information, which can be used to fraudulently dispense prescriptions and pay for operations. Stolen credit cards go for a couple of dollars on the black market, but insurance records can command $60 each.

With the rise of state-sponsored hacking, new types of healthcare information have also come into play. For example, field trial data about new medications is now a prime target for hackers engaged in corporate espionage or biological warfare. Five years ago, that wasn’t a major issue.

Tactics also change. Few people had even heard of ransomware three years ago; today it’s one of the leading forms of malware. Ransomware is primarily spread through phishing attacks, which demands that organizations exercise increased vigilance with email filtering.

New regulations are raising the bar on compliance. The European Union’s General Data Protection Regulation (GDPR) promises strict rules for protecting data and disclosing data breaches – and hefty fines for non-compliance. While the GDPR doesn’t go into effect until 2018, any organization that does business in Europe needs to begin preparing now for the upcoming changes.

What to do

Compliance tactics for safeguarding data must adjust for this new reality. Most regulations are unspecific about how data should be protected, which is both a good and a bad thing. The positive is that your organization has some flexibility in implementing protections. The negative is that there’s no way to get inside the minds of regulators who come calling for an audit.

A few basic tactics will serve you well.

  • Work closely with your legal counsel and internal auditors to understand any specific rules that apply to your company or industry. They shouldn’t be shy about calling up regulators for guidance.
  • Scan your inventory to see what kind of information you have. If credit card numbers or Social Security numbers are in your files, you’ll need to protect them. Ignorance is not an excuse, and auditors will give you points for having done this spade work.
  • Match protection measures to the data. For example, names and ages may not need to be protected as carefully as financial records and insurance account numbers. Encrypting or tokenizing sensitive data is a good step, but be sure any accounts that have access to encryption keys or tokens are secured with two-factor authentication. The first thing attackers look for is password files.
  • Use data loss prevention (DLP) to automatically discover and classify information. DLP software can be set to issue warnings, challenges or outright denials to requests for data. It’s a particularly useful tool for preventing disclosure – whether intentional or not – by insiders.
  • Make compliance part of someone’s job. Adherence demands paying close attention to trends and vulnerabilities. One or more people should be accountable for tracking these changes. Auditors will appreciate that when they come to call.

The post Stop Losing Sleep over Compliance Audits appeared first on McAfee Blogs.

Posted in DLP, healthcare, ransomware, Safeguard Data

Report: Feds Mull Bug Bounty Contest for Medical Devices

June 27th, 2016

In-brief: Following the success of the Hack the Pentagon bug bounty program, officials at the U.S. Department of Health and Human Services are considering launching a similar program aimed at medical devices and other healthcare systems.

If imitation is the sincerest form of flattery, then the U.S. Department of Defense should be feeling pretty good about its recently announced “Hack the Pentagon” bug bounty program. Just a few months after the DOD unveiled a bug bounty program that provided financial incentives to security researchers and “white hat” hackers to have at its networks, the Chief Privacy Officer at the Department of Health and Human Services (HHS) has made public statements that suggest HHS is considering a similar program. From the article, over at Federal Times: HHS officials mentioned the DoD’s recently completed pilot program—which paid bounties to hackers who were able to discover cyber vulnerabilities at the agency, also known as ethical hacking—as […]

Posted in bounty, Breaking Security News, Bugcrowd, DOD, Embedded, Government, HackerOne, healthcare, HHS, medical devices, medicine, software development, Top Stories, vulnerabilities

SAP forges Internet of Things security partnerships | Inside SAP

November 23rd, 2015

In-brief: SAP AG announced alliances with a string of software and hardware makers to provide end to end security for Internet of Things deployments. Check Point and Intel are among the company’s partners.

We noted last week that enterprise systems by the likes of Oracle and SAP are proving to be weak links in the Internet of Things security chain. That story noted this piece over at VICE’s Motherboard that noted some research suggesting that ERP (enterprise resource planning) platforms are being targeted in attacks on firms in the oil and gas industry. Well, it seems that security in the context of IoT isn’t lost on huge platform vendors like SAP. Note this news from Inside SAP about a raft of new partnerships that seek to address security up and down the chain. Among the companies SAP said it will partner with are Check Point Software Technologies, for “a security architecture designed to […]

Posted in Check Point Software Technologies, connected devices, critical infrastructure, Energy, Finance, healthcare, Intel, Internet of things, partnerships, Patching, Reports, SAP, smart infrastructure, Telecommunications, Top Stories, vulnerabilities

Ars is hiring! Can you handle healthcare?

September 2nd, 2015

Ars is looking to hire someone to cover healthcare, medicine, and all things related to the science of the body! Our ideal candidate knows the difference between absolute and relative risk and would be able to intelligently discuss both the facts and the real-world implications of health care policy and law. They’d also be interested in how technology is changing the shape of healthcare.

The candidate would cover topics ranging from medical research and progress of emerging diseases to consumer hardware that monitors health and fitness; we might also send you to DR Congo to cover an Ebola outbreak. Ha ha! Kidding! (Maybe.)

This is a full-time position with benefits, including insurance and 401(k), reporting to the Ars Technica editor-in-chief. As with all jobs at Ars, there are daily writing expectations—the candidate would have a regular output of news about healthcare and research happenings and would also write longer report-length (500-1,000 words) and feature-length (2,000+ words) in-depth pieces about topics as they come up. You’ll get to work closely with two senior editors as part of your job and have an opportunity to develop your own editing skills.

Posted in healthcare, Staff