Archive for the ‘database’ Category

COVID-19 hospital data is a hot mess after feds take control

July 31st, 2020
Members of the medical staff treat a patient in the COVID-19 intensive care unit at the United Memorial Medical Center on July 28, 2020 in Houston, Texas. COVID-19 cases and hospitalizations have spiked since Texas reopened, pushing intensive-care units to full capacity and sparking concerns about a surge in fatalities as the virus spreads.

Enlarge / Members of the medical staff treat a patient in the COVID-19 intensive care unit at the United Memorial Medical Center on July 28, 2020 in Houston, Texas. COVID-19 cases and hospitalizations have spiked since Texas reopened, pushing intensive-care units to full capacity and sparking concerns about a surge in fatalities as the virus spreads. (credit: Getty | Go Nakamura)

As COVID-19 hospitalizations in the US approach the highest levels seen in the pandemic so far, national efforts to track patients and hospital resources remain in shambles after the federal government abruptly seized control of data collection earlier this month.

The Trump administration issued a directive to hospitals and states July 10, instructing them to stop submitting their daily COVID-19 hospital data to the US Centers for Disease Control and Prevention—which has historically handled such public health data—and instead submit it to a new database in the hands of the Department of Health and Human Services. The change was ostensibly made to streamline federal data collection, which is critical for assessing the state of the pandemic and distributing needed resources, such as personal protective equipment and remdesivir, an antiviral drug shown to shorten COVID-19 recovery times.

Watchdogs and public health experts were immediately aghast by the switch to the HHS database, fearing the data would be manipulated for political reasons or hidden from public view all together. However, the real threat so far has been the administrative chaos. The switch took effect July 15, giving hospitals and states just days to adjust to the new data collection and submission process.

Read 13 remaining paragraphs | Comments

Posted in CDC, COVID-19, data, database, healthcare IT, HHS, hospitalization, Infectious disease, IT, pandemic, public health, SARS-CoV-2, science | Comments (0)

A New Year with No Patch Management Hangover

January 17th, 2017

The frequency of database and application vulnerabilities is increasing.  Testing and deploying vendor-issued patches is an ongoing, arduous process that results in a time window of system vulnerabilities that exists until IT staff can bring business-critical databases and applications off-line and deploy patches. The longer the vulnerability window the greater the security risk.

Traditional Patch Management Challenges

With the growth of vulnerabilities, many organizations struggle when using traditional patch management strategies for remediation.   Our new white paper from Aberdeen Group, “Beyond the Patch: Reducing the Risk of Database and Application Vulnerabilities” identifies the key shortcomings of traditional patch management that make remediation so painful:

  • Vendor patches may not be available
  • Vendor patching may not be possible or practical
  • Vendor patching is costly, time consuming and inconvenient
  • Vendor patching does not support up-to-date visibility into what’s happening in your environment

In fact, Aberdeen found that in a $100 million company with 100 database instances, vendor  patching over the course of one year is likely to be complex and time consuming.  Click here for an Infographic with more details on vendor patching issues that may impact your organization.dbpatchingstatsA Virtual Patching Strategy

This New Year you may want to try a different patch management approach.  In comparison to traditional vendor patching, virtual patching can be a highly effective strategy for addressing both the likelihood and business impact aspects of security-related risk.  Aberdeen defines virtual patching as establishing a policy enforcement point that is external to the resource being protected to identify vulnerability exploits before they reach their target.  Virtual patch management offers the following benefits:

  • Automatic updates since direct modifications to resources being protected are not required.
  • Reduced risk since virtual patching reduces the window of vulnerability when vendor patching is not available, not possible, not practical, or deferred to avoid cost and inconvenience.
  • Lowers business impact because virtual patching reduces lost user productivity and lost revenue during the time that databases and applications are disrupted by traditional vendor patching.

A Virtual Patching Solution

McAfee Virtual Patching for Databases shields databases from the risk presented by unpatched vulnerabilities by detecting and preventing attempted attacks and intrusions in real time without requiring database downtime or application testing. This virtual patching solution also helps you continue to protect databases running old database management system (DBMS) versions that are no longer supported by the vendor, adding to the useful life of legacy databases and saving your organization time and money.

McAfee Virtual Patching Advantages

  • Gain protection from threats even before installing vendor released patch updates
  • Eliminate the need for IT and security teams to have DBMS–knowledge
  • Keep production databases online, thanks to non-intrusive software design
  • Protect databases seamlessly with automatic distribution of ongoing updates
  • Facilitate compliance with standards such as PCI DSS, HIPAA, and others

Next Steps

Click here to learn more about how McAfee Database Security can help you solve your traditional patch management challenges.  Plus, download our Aberdeen Group white paper, “Beyond the Patch:  Reducing the Risk of Database and Application Vulnerabilities”, to get more detail on traditional patch management issues and virtual patching strategies.

The post A New Year with No Patch Management Hangover appeared first on McAfee Blogs.

Posted in database, Security Connected, virtual patching, Vulnerability | Comments (0)