Hospitals


#infosec | US Hospitals Fined $2.175M for “Refusal to Properly Report” Data Breach

Source: National Cyber Security – Produced By Gregory Evans

An American health services provider has agreed to pay a fine of $2.175m after refusing to properly notify Health and Human Services of a data breach. In April of 2017, a complaint regarding Sentara Hospitals was received by the Department of Health and Human Services (HHS). The complainant said […]

View full post on AmIHackerProof.com

#cybersecurity | #hackerspace | Google Slurps 150 Hospitals’ Patient Data With No Consent

Source: National Cyber Security – Produced By Gregory Evans

The mysterious Project Nightingale has been revealed as a secret Google operation to store and manipulate the healthcare data of millions of patients. Nobody consented—nobody was asked.

Google claims it’s all legal. Perhaps it is, but is it ethical? And is it a good look to be found out?

It’s no wonder people don’t trust Google any longer. In today’s SB Blogwatch, we feel sick.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: diabetuhs.


Florence Looks Cross

What’s the craic? Rob Copeland reports—“‘Project Nightingale’ Gathers Personal Health Data on Millions of Americans”:

 Google is engaged with one of the U.S.’s largest health-care systems on a project to collect and crunch the detailed personal-health information of millions of people across 21 states. [It] appears to be the biggest effort yet by a Silicon Valley giant to gain a toehold in the health-care industry through the handling of patients’ medical data.

Google began Project Nightingale in secret last year. … Neither patients nor doctors have been notified. … Privacy experts said it appeared to be permissible under federal law [HIPAA].

The data involved in the initiative … amounts to a complete health history, including patient names and dates of birth. [But] staffers across … Google’s parent have access to the patient information.

Google, like many of its Silicon Valley peers, has at times drawn criticism for not doing enough to protect user privacy. … Google co-founder Larry Page, in a 2014 interview, suggested that patients worried about the privacy of their medical records were too cautious.

Yikes, is that true? Natasha Singer, Daisuke Wakabayashi, Reed Abelson, and Aaron Krolik second-source the claims—“Google to Store and Analyze Millions of Health Records”:

 The partnership between Google and the medical system, Ascension, could have huge reach. Ascension operates 150 hospitals. … It is legal [but] many patients may not trust Google, which has paid multiple fines for violating privacy laws, with their personal medical details.

Google’s handling of health care data is a touchy subject. … Dozens of Google employees may have access to patient data like name, birth date, race, illnesses and treatments, according to … internal documents obtained by [us].

At least a few Ascension employees in the project have raised concerns that Google employees downloaded patient data, according to the internal documents. They have also raised concerns about whether all of the Google software involved in processing Ascension patient data complies with … HIPAA.

Busted! Google’s Tariq Shaukat quickly rushes out a PR blurb about, “Our partnership with Ascension”:

 Today, we’re proud to announce more details on our partnership with Ascension. … There’s been a good deal of speculation … so we want to make sure everyone has the facts.

Our work with Ascension is … a business arrangement to help a provider with the latest technology, similar to the work we do with dozens of other healthcare providers. … All of Google’s work with Ascension adheres to industry-wide regulations.

This is standard practice. … It’s understandable that people want to ask questions.

Standard business arrangement? Nothing to see here? Bogdan Petrovan concludes, “Google rushes to explain what it’s doing with all that medical data”:

 Yesterday, a bombshell report … revealed details about a partnership between Google and Ascension. … For privacy advocates, this revelation is understandably worrying.

Shaukat confirmed Google’s work with Ascension, but said there’s nothing unusual or shady about it. … Google said it merely provides Ascension with some services.

There is … little reason to doubt its claims. … That said, the fact that Google rushed out a blog post to “proudly announce” Project Nightingale speaks volumes.

Google is becoming synonymous with a disregard for privacy, perhaps not entirely unfairly. … The average consumer won’t care, and cannot be expected to know, that Google Cloud is HIPAA compliant or that hospitals have been routinely sharing data … for decades.

Fighting this perception of untrustworthiness is a huge challenge for Google, and it’s only going to get harder.

You can say that again. rnturn doesn’t buy Google’s claims of legality:

 It’s a massive violation of the protections set up under HIPAA. Or, at least, the vast majority of Americans have been led to believe it’s a violation of the law.

Most people think that HIPAA covers any and all disclosures but … employers, insurance companies, and others … aren’t covered by that aspect of the law. This is rarely, if ever, mentioned.

But Farzad Mostashari—@Farzad_MD—worries about culture (and not the sort in a petri dish):

 The perception of Google culture is that no-one curbs the curiosity of engineers. … They have to convince people that they actually have controls in place to ensure that the data is only being used for the purposes of the agreement.

The perception [is] Google’s culture makes it more likely (than at a claims clearinghouse) for an individual engineer to play around with data, not [realizing] they are breaking the terms of [an] agreement.

However, oakmad hopes privacy fears won’t trump actual healing:

 My start up is in the healthcare space. … There’s definitely a group here who think that [patients] just need to accept that their data is going to be fed into models … as it will help outcomes and costs, etc.

Having seen some of the results that AI is catching out in the field I’m tending towards universal good over personal privacy – though I may regret that.

So merely a PR flub? Yasmeen Shorish—@yasmeen_azadi—says no:

 We’re out here chasing after ethics education in data science while AI applications are being deployed in secret and potentially problematic ways. The lack of disclosure to patients and doctors is completely inexcusable.

Another example of something legal, but not very ethical.

And QuietLagoon asks the obvious question:

 If the data are so useful to those who steal it from patients and beneficial to those patients, then why perform the collection surreptitiously and without the permission of … the patients?

Meanwhile, ufgrat wonders if—on paper—Google did get permission:

 If patients are being tricked into signing away their rights, the lawsuits could be… spectacular.

And Finally:

So you’ve got diabetes; but how to pronounce it?



You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: U. Texas at Austin


The post #cybersecurity | #hackerspace | Google Slurps 150 Hospitals’ Patient Data With No Consent appeared first on National Cyber Security.


Hospitals must band together to beat hackers

Source: National Cyber Security – Produced By Gregory Evans

Consider this a rallying cry: Hospitals, health systems and networks need to join forces, organize, come together as a community, to proactively fend off hackers, hacktivists, organized criminals and other emerging threats all trying to penetrate healthcare entities to either steal patient data or, worse, destroy it altogether. It’s not…

The post Hospitals must band together to beat hackers appeared first on National Cyber Security Ventures.


Hospitals Gain Control After Ransom Hack, More Attacks May Come

Source: National Cyber Security – Produced By Gregory Evans


Most U.K. health facilities whose computer systems were crippled in a global cyber-attack are back to normal operation, Home Secretary Amber Rudd said, even as experts warned that hackers would probably launch a new round of attacks with many computers still vulnerable. About 97 percent of facilities and doctors affected are able to work normally, Rudd said Saturday after a …

The post Hospitals Gain Control After Ransom Hack, More Attacks May Come appeared first on National Cyber Security Ventures.


Why cybersecurity should be important to hospitals

Source: National Cyber Security – Produced By Gregory Evans

The rise of digitization in healthcare, heavily fueled in the U.S. in recent years by incentives of the outgoing administration, has brought an unintended and treacherous side-effect: vulnerability to the increasingly rampant hacking of healthcare data. Hackers have found numerous …

The post Why cybersecurity should be important to hospitals appeared first on AmIHackerProof.com.


Supreme Court to Weigh Whether Pension Rules Apply to Church Schools, Hospitals

The justices will decide whether religious affiliates must adhere to the federal law that regulates private pension plans or whether a “church plan” exemption still applies.

View full post on The School Law Blog – Education Week








The post Supreme Court to Weigh Whether Pension Rules Apply to Church Schools, Hospitals appeared first on Parent Security Online.


Another hospital’s been hacked, this time in Kansas

Kansas Heart Hospital in Wichita was hit by ransomware last week. When they paid up, they didn’t get full access back to their files. The hackers demanded more money. It […]

View full post on AmIHackerProof.com | Can You Be Hacked?

Hospitals under pressure to digitize everything as hackers make it their biggest new target

Source: National Cyber Security – Produced By Gregory Evans


The cyberattack on MedStar Health — one of the biggest health-care systems in the Washington region — is a foreboding sign that an industry racing to digitize patient records and services faces a new kind of security threat that it is ill-prepared to handle, security experts and hospital officials say. For years, hospitals and the health care industry have been focused on keeping patient data from falling into the wrong hands. But the recent attacks at MedStar and other hospitals across the country highlight an even more frightening downside of security breaches: As hospitals have become dependent on electronic systems to coordinate care, communicate critical health data and avoid medication errors, patients’ well-being may also be at stake when hackers strike. Hospitals are used to chasing the latest medical innovations, but they are rapidly learning that caring for sick people also means protecting their medical records and technology systems against hackers. An industry that has traditionally spent a small fraction of its budget on cyberdefense is finding it must also teach doctors and nurses not to click on suspicious links and shore up its technical systems against hackers armed with an ever-evolving set of tools. In some ways, health care […]

The post Hospitals under pressure to digitize everything as hackers make it their biggest new target appeared first on National Cyber Security.


He is special guest at the Ground Zero Summit 2015 being organised by Indian Infosec Consortium – a group of ethical hackers.

“Threat to national security has moved to the digital dimension. Terrorist organisations have turned social networks and online forums into recruitment hotbeds and propaganda mechanisms. We need a security apparatus in the digital space to address this threat. Hackers are the face of this digital army.”

The actor said he is bringing his whole team including scriptwriters of the show to observe and interact with the ethical hacker community.

“From November 22, I will start shooting for 24. It will go on air in 2016. When an actor prepares for a role, we often start to live like the character. Some call it method acting. We meet real life people like the character and try to understand their nuances, their life,” he said.

As per the summit’s website, speakers will share details of the espionage mission as well as hold sessions on hacking of cellular networks, medical devices in hospitals, using technical loopholes in them.

The consortium claims to have discovered a cyber espionage operation under which phones of Indian Army personnel, who had downloaded some mobile application related to news, had been compromised by hackers based in Pakistan. IIC CEO Jiten Jain has said that the findings were handed over to security agencies who promptly acted and sanitised the infected handset early this year.

Source: National Cyber Security – Produced By Gregory Evans


For more information go to http://www.NationalCyberSecurity.com, http://www.GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com


FDA alert advises hospitals and med centers stop using hacker-vulnerable networked IV pumps

Source: National Cyber Security – Produced By Gregory Evans

The U.S. Food and Drug Administration has issued an alert advising hospitals, nursing homes, and other medical care centers to stop using the Symbiq Infusion System of intravenous pumps, which deliver IV medications with dosages programmed over a hospital’s wireless network.

As the FDA’s release says: “The FDA, the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), and [pump manufacturer] Hospira are aware of cybersecurity vulnerabilities associated with the Symbiq Infusion System. FDA strongly encourages health care facilities transition to alternative infusion systems, and discontinue use of these pumps. Hospira and an independent researcher confirmed that Hospira’s Symbiq Infusion System could be accessed remotely through a hospital’s network.”

If a hacker did gain such illicit remote access, it would be trivially easy to change the programmed drug doses, with results that could be harmful or even fatal to patients. However, the FDA stressed that thus far, there’s no evidence any hackers actually have taken advantage of this although “due to recent cybersecurity concerns, the FDA strongly encourages health care facilities to begin transitioning to alternative infusion systems as soon as possible.”

Healthcare hacking poses major problem

Those unnamed “recent cybersecurity concerns” surely refer to the near-constant […]


The post FDA alert advises hospitals and med centers stop using hacker-vulnerable networked IV pumps appeared first on National Cyber Security.
