
posted by Fnord666 on Friday June 16 2017, @12:39AM
from the lock-down-your-pacemaker dept.

The healthcare sector in the U.S. is in critical condition and in dire need of an overhaul to address widespread and systemic information security weaknesses that put patient privacy and even safety at risk, a Congressional Task Force has concluded.

The report, released to members of both the U.S. Senate and House of Representatives on Friday, concludes that the U.S. healthcare system is plagued by weaknesses, from the leadership and governance of information security within healthcare organizations, to the security of medical devices and medical laboratories, to hiring and user awareness. Many of the risks directly affect patient safety, the group found. It comes amid growing threats to healthcare organizations, including a ransomware outbreak that affected scores of hospitals in the United Kingdom.

The final report by the Health Care Industry Cybersecurity Task Force [PDF] is a call to arms for the healthcare sector, featuring more than 30 pages of recommendations and "imperatives," some of which are bound to be the source of controversy. Among other things, the report calls for the creation of a leader role within the Department of Health and Human Services (HHS) focused on cyber security.

[...] The report describes the U.S. healthcare system as a "mosaic" of large health systems, single physician practices, public and private payers, research institutions, and medical device and software companies; the U.S. healthcare sector serves a diverse and widespread patient population, often through small practices and rural hospitals. The complexity of the system introduces risk and complicates the job of establishing comprehensive cyber security standards.

[...] The report comes amidst a dawning recognition that the nation's biomedical infrastructure is highly connected and vulnerable, said Dale Nordenberg, the Executive Director of the Medical Device Innovation, Safety and Security Consortium.

[...] To tackle the problem, Congress needs to take a holistic approach, notes Fernando of Underwriters Laboratories. "We're not dealing with siloed and vertical industries. There's a lot of cross-cutting." Funding from the federal government won't solve the problem alone, but federal money can promote activities that, over time, will result in public sector and industry action to improve cyber security, he said.

Source: https://securityledger.com/2017/06/cash-for-medical-device-clunkers-task-force-calls-for-healthcare-security-overhaul/

Complete Report

Original Submission

  • (Score: 1) by jshmlr (6606) on Friday June 16 2017, @03:37PM (#526473)

    The majority of systems used by Accountable Care Organizations (ACOs, the big "groups" of hospitals and providers) are architected by a small number of manufacturers and software vendors.

    In most cases, ACOs just do their systems planning around these vendors' recommendations, and do very little thinking for themselves. While there are regulations that systems need to meet (especially around proper data collection and medical coding for reimbursement by insurance companies and Medicare/Medicaid), they're generally weak around security, especially at the infrastructure level.

    Since these ACOs take a back seat to the vendors and manufacturers, and since Data Breach Insurance is often cheaper than properly maintained systems, and since health care in the US isn't affected by market forces in the way that businesses are, there is simply no impetus to "do the right thing" here.

    Unfortunately, this means that more regulation is the only viable prescription at this point.

    --
    Need nothing, then see what happens.
  • (Score: 1, Interesting) by Anonymous Coward on Friday June 16 2017, @08:02PM (#526591)

    > systems used by Accountable Care Organizations (ACOs, the big "groups" of hospitals and providers) are architected by a small number of manufacturers and software vendors

    ...and their coders seem to do things in a single-platform way.
    ...and their apps are all closed-source, of course.

    To get away from the easily-pwned OS, one wonders (relative to repeatedly purchasing licenses for Windoze and the apps) how much it would cost to:
    - Write a spec for the app(s).
    - Hire folks who can do Open Source cross-platform app development.
    - Create FOSS replacement app(s).
    - Switch the facilities to an Open Source, less vulnerable OS.

    N.B. Munich said that they saved millions by switching away from Windoze to FOSS.
    The recent instances of Windoze ransomware have the Green Party in Germany noting that the proposed switch back to Windoze is quite stupid.
    (This on top of how expensive it would be.)

    -- OriginalOwner_ [soylentnews.org]