Medical Device Insecurity

TechNewsWorld.com posted an interesting article by Jonathan Terrasi about how healthcare professionals have become increasingly aware of the need for more diligent medical device security.

For example, a presentation at the Black Hat security conference revealed severe flaws in currently available pacemakers. Implanted pacemakers are networked devices that are always on, making them vulnerable to breaches. And that’s only one example. Other vulnerable objects include connected IoT medical devices like insulin pumps that are connected to networked CT scanners.

The article states “No legislation looms larger in healthcare regulation than the Health Insurance Portability and Accountability Act, better known as ‘HIPAA.’ It is undoubtedly a landmark in patient protection in the digital age, but its singular focus on privacy and the fact that its authorship predates widespread medical IoT has yielded some unintended detrimental consequences for device security.”

Securing patient healthcare information is always a hot topic of conversation as breaches can result in hefty payouts.

Poor Website Designs Could Result in Legal Actions

Internet marketing has steadily risen. The U.S. Census Bureau estimates that e-commerce sales could double between 2009 and 2018 with the dollars reaching $127.3 billion by the second quarter this year.

In an article by John K. Higgins on Ecommercetimes.com, it was pointed out that the rules for business transactions are, and should be, the same whether they apply to online or in-person sales. However, this is not always the practice, as evidenced by recent court cases resulting from poorly presented websites where vendors have mismanaged the display or content.

The bottom line is that website messages must be conspicuous. A case in point is Uber Technologies, which incorrectly added the cost of local tolls to customer bills. Uber hadn’t properly displayed both an arbitration clause and a prohibition against litigation, and because the notice wasn’t conspicuous enough, it wasn’t considered to be legally valid. Both Amazon and Barnes & Noble have encountered similar incidents.

The article has many more examples of litigation and sums it all up with some valid advice. Web designers strive to make sites creative and compelling. But when it comes to electronic documents, vendors need to be sure that the arbitration clause in the terms and conditions is crystal clear, that the links are obvious, and that the user has to make a minimum of clicks to read the document and then click on the “I Agree” button.

Manage IoT Devices Like Employees

Have you heard the IoT jokes going around on Twitter? Here are two you’ll enjoy: “The S in IoT stands for security. But, there is no ‘S’ in IoT. Yes, that’s the point!” Or the one asking, “What does IoT stand for? Why, the Internet of Threats, of course!”

These jokes are not only funny, they’re fact. IoT devices pose a huge security risk. With IoT devices estimated to reach 20+ billion by 2020, it’s something we all need to be aware of. The devices are designed to streamline all aspects of our lives. Soon we’ll have refrigerators that will alert us when items are low and need to be restocked and desks that will let us know if we are sitting too long.

The possibilities are endless. Since the devices are used for both personal and business applications, they’re the perfect vehicles to exploit. New security measures need to be initiated for IoT security or malicious attackers will run amuck. To date, security has been an afterthought with unauthorized access being the prime concern. For example, recently the VPNFilter malware that targeted IoT devices infected SOHO (small-office-home-office) routers. You might think that SOHO routers are not very important, but critical infrastructures, like the energy sector, use them. Other IoT devices in danger include the ones installed in smart cars.

This interesting article advises that you manage your IoT devices like employees by:

        • Giving the device an identity
        • Applying device governance
        • Employing the principle of least privilege
        • Managing device passwords
        • Monitoring the device


Homeland Security’s New Center to Combat Cyberthreats

The Department of Homeland Security recently announced the creation of their new center to combat cyberthreats. Called the National Risk Management Center, its core mission is to defend America’s critical infrastructure via greater cooperation between the public and private sectors. The plan is to create one point of access where all of the government resources are grouped together to form a barrier to cyberthreats.

The center will also be a central force in forging anti-cyberthreat strategies by using the power of information sharing between the public and private sectors. Partnerships like this aren’t new, but with the private sector becoming savvier to the sophistication of threats, the partnerships should be more beneficial now than they were in the past. Today there’s an overall realization that a company can’t act alone against cybercrime.


5 Important Healthcare Cloud Security Factors

The healthcare cloud has grown and is positioned as a very important part of health information technology. With that growth comes the question of security. Now is the time to not only understand the threats, but to review best practices and reconsider security.

TechNewsWorld.com posted an article by Marty Puranik that delved into five important factors. Briefly, they are:

        1. Realize that the cloud is only going to get bigger because of:
          1. Healthcare R&D
          2. Scalability
          3. Less Investment / Enhanced Collaboration
        2. Understand the importance of security
        3. Be aware of what constitutes healthcare security. Do the following:
          1. Use strong business associate agreements
          2. Focus on disaster recovery and upgrades
          3. Perform routine risk assessments
          4. Prioritize training
        4. Rethink security
          1. Deploy blockchain
          2. Automate
          3. Leverage AI threat intelligence
          4. Monitor your infrastructure
          5. Address the IoT
        5. Adapt

This information is not intended to be exhaustive nor should any discussion or opinions be construed as professional advice.  Should you have any questions or would like to discuss your risk exposure with your company’s insurance, please contact the insurance pros at ARCW Insurance.  We are here to help.