www.healthcareitnews.com/news/flint-hospital-hit-cyber-attack-after-hacker-group-anonymous-promises-action-water-crisis By Mike Miliard Health Care IT News January 25, 2016 Flint, Michigan-based Hurley Medical Center was targeted with a cyber attack this past week, soon after the hacktivist group Anonymous released a video promising “justice” for the city’s ongoing water crisis. The attack was confirmed by the hospital on Jan. 21. “Hurley Medical Center has IT systems in place, which aid in detecting a virus or cyber attack,” spokeswoman Ilene Cantor said, according to MLive. “As such, all policies and protocols were followed in relation to the most-recent cyber attack on our system. Patient care was not compromised and we are closely monitoring all systems to ensure IT security is consistently maintained.” Anonymous posted a video online launching what it dubbed the #OpFlint campaign. […]
https://blogs.oracle.com/maryanndavidson/entry/no_you_really_can_t Mary Ann Davidson Blog By User701213-Oracle Aug 10, 2015 I have been doing a lot of writing recently. Some of my writing has been with my sister, with whom I write murder mysteries using the nom-de-plume Maddi Davidson. Recently, we’ve been working on short stories, developing a lot of fun new ideas for dispatching people (literarily speaking, though I think about practical applications occasionally when someone tailgates me). Writing mysteries is a lot more fun than the other type of writing I’ve been doing. Recently, I have seen a large-ish uptick in customers reverse engineering our code to attempt to find security vulnerabilities in it.
http://www.cloudpro.co.uk/cloud-essentials/cloud-security/5177/evidentio-encourages-startups-to-boost-aws-security By Clare Hopping Cloud Pro June 25, 2015 Evident.io has announced a startup and small business AWS Cloud Security platform to help those without a dedicated security resource ensure their Amazon cloud infrastructure is protected. Adrian Sanabria, an analyst with 451 Research, commented: “The rise of cloud computing has enabled small businesses to grow and thrive with affordable cloud infrastructure and powerful cloud-based tools, but it’s also created unprecedented security threats.” He explained that startups often set up multiple servers in the cloud before even thinking about the security implications this has, employing a security expert or buying even basic equipment for the office. It’s this ‘cloud-first’ attitude that can get organisations into trouble when it comes to securing their systems. “The biggest risk with cloud infrastructure, especially for ‘cloud-first’ businesses, is the management plane,” he commented. […]
http://healthitsecurity.com/news/a-review-of-common-hipaa-technical-safeguards By Elizabeth Snell Health IT Security June 26, 2015 HIPAA technical safeguards are just one piece of the larger health data security plan that covered entities and their business associates must put together. However, it is a very important aspect. Over the next few weeks, HealthITSecurity.com will discuss some common examples of all three HIPAA safeguards, and how they could potentially benefit healthcare organizations. Not all types of safeguards are appropriate or necessary for every covered entity. But by having a comprehensive understanding of what is required by HIPAA and the HITECH Act, and how various safeguards can be used, organizations will be able to identify which ones are most applicable. From there, they can create and implement the right data security protections for their daily workflow and ensure they maintain HIPAA compliance. As previously mentioned, HIPAA technical safeguards are an important part of keeping sensitive health data secure. Whether a small primary care clinic is debating health data encryption options or a large HIE is considering BYOD for employees, understanding the basics of HIPAA technical safeguards is essential. What are HIPAA technical safeguards? The HIPAA Security Rule describes technical safeguards as “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.” However, an important note is that the Security Rule does not require specific technology solutions. Rather, healthcare organizations need to determine reasonable and appropriate security measures for their own needs and characteristics. […]
http://risktech-forum.com/news/cybersecurity-a-global-legal-perspective-for-hedge-funds Hedgeweek 11 June 2015 The House of Representatives passed a new cybersecurity bill – the Protecting Cyber Networks Act (PCNA) – to allow file sharing between government intelligence agencies and private companies and raise the overall awareness of hacking. This is just the latest chapter in what is fast becoming a key narrative within the US, where cybersecurity legislation is being rolled out to address the growing sophistication of cyber attacks. Hedge funds are now becoming a more pronounced target and to that end, lawyers need to get on top of the issues to advise their clients accordingly. Ed McNicholas is a partner at Sidley Austin LLP in Washington DC. He confirms that he has just finished a treatise for the Practicing Law Institute, the aim of which is to provide a legal guide on cybersecurity. It is due to be published in June. “The law here is developing rapidly and one of the biggest things that hedge funds need to do is to ensure communication between their lawyers and their IT staff on this issue. The lawyers have, for a long time, considered it to be an IT issue but they need to get up to speed on this,” says McNicholas. McNicholas sees three big tasks facing lawyers. The first relates to managing the information assets of a hedge fund. These are highly specialised vehicles and as such an intellectual step needs to be taken by law firms in realising that this is not an issue that pertains solely to personal data. Hedge funds have significant intellectual property – trading algorithms, investor details, proprietary research etc. In relation to cybersecurity, it is important to identify those assets and understand where and with whom the manager shares those assets. […]
http://healthitsecurity.com/news/coast-guard-needs-better-phi-security-says-oig-report By Elizabeth Snell Health IT Security May 21, 2015 The US Coast Guard (USCG) must do a better job in its PHI security measures, according to a recent report from the Office of the Inspector General (OIG). Specifically, USCG lacks a strong organizational approach to resolving privacy issues, the report stated, which leads to the agency having challenges when it comes to effectively protecting PHI. “We evaluated the safeguards for sensitive personally identifiable information and protected health information (privacy data) maintained by USCG,” OIG explained in its report. “Our objectives were to determine whether the USCG’s plans and activities instill a culture of privacy and whether the USCG ensures compliance with the Privacy Act of 1974, as amended, [HIPAA], and other privacy and security laws and regulations.” OIG outlined five areas that USCG needs to resolve in order to improve its PHI security: […]
http://www.v3.co.uk/v3-uk/news/2406304/windows-xp-government-support-deal-ends-leaving-pcs-open-to-attack By Dan Worth, Dave Neal V3.co.uk 29 Apr 2015 The government has not renewed its £5.5m Windows XP support deal with Microsoft despite thousands of computers across Whitehall still running the ancient software, leaving them wide open to cyber attacks. The contract was negotiated last year between Microsoft and the Crown Commercial Service (CCS), which is part of the Cabinet Office, to provide one year’s additional support after the general support deadline for XP expired. The CCS made it plain at the time that it would not renew the deal, and urged all departments to ensure that they migrated in time. “It is important to note that there are no plans to negotiate a further national extension of XP support beyond April 2015,” the CCS said in a letter to departments. “It is therefore essential that all NHS organisations put in place robust plans to migrate away from Windows XP, Office 2003 and Exchange 2003 by that date.” […]
http://www.ubergizmo.com/2015/04/what-elite-hackers-do-upon-encountering-an-imac/ By Tyler Lee ubergizmo.com 04/19/2015 When reading about malware and hacks on computers, most of the time it involves Windows-based machines. This isn’t to say that other platforms and computers, like Apple’s OS X, are invulnerable, it’s just that all this stuff seems to happen to Windows users a lot more often than anyone else. That being said, that doesn’t mean that computers like the iMac are considered “safe”. In fact, during an Infiltrate conference held last week, Business Insider spoke to the attendees and found that for the most part, most of the hackers that attended the event did not want to have anything to do with the iMac in their room. Apparently this was due to the iMac being easily commandeered by a skilled hacker if that situation arose. This also led to the attendees coming up with ways to make sure that they could not be spied on by the iMac’s camera. In one case, what the person did was turn the iMac to face the wall, unplug it, and for good measure, toss a towel over it to ensure complete privacy. […]