Blog

Healthcare Cybersecurity Matters Now More Than Ever

Providers entering data into hospital computer

We just published Volume 25 of the HIMSS Healthcare and Cross-Sector Cybersecurity Report. The report outlines new methods of Bluetooth attacks, digital theft and many vulnerabilities.

Report Highlights

1. Bluetooth Attacks
This report highlights a new technique for attacking the Bluetooth pairing protocol without being detected by victim devices. If an attack is successful, the encryption key of a victim device may be revealed.

2. Phishing Attacks
Volumes of phishing emails are growing and the efficacy and impact of phishing emails are growing as well. Frequently, phishing attacks appear to come from a trusted source, such as an executive within one’s own organization. Spear-phishing emails, which are targeted phishing emails, are often quite effective. Significant breaches may occur as a result of a successful spear-phishing email attack.

3. Copy-and-Paste Malware
New malware has been discovered which monitors the Windows clipboard for cryptocurrency addresses. The malware has been found to replace the cryptocurrency addresses with alternate ones (selected by the attacker).

 

 

 

 

 

 

 

 

 

 

 

Watch Lee Kim talk about healthcare security now and in the future on HIMSS TV.

4. Bug Bounty Programs
A manufacturer has set up a bug bounty program for printers in what is called an “industry first.”

5. Remote Code Execution Vulnerabilities
Remote code execution vulnerabilities are especially problematic, as attackers may be able to execute commands and instructions of their choice. These vulnerabilities may be found in all sorts of computer programs, including open source software.

6. Shipping Infrastructure at Risk
While this is not healthcare, this is another critical infrastructure sector that is very vulnerable. Researchers have found that “always on” satellite connections have exposed shipping to hacking attacks. In addition, poor security hygiene on board the ship and vulnerabilities associated with protocols used and systems provided by maritime product vendors also appear to be problematic.

In summary, healthcare cybersecurity never stands still. The threat landscape is always changing and so must we. We must be agile and nimble and constantly strive to learn.

Want to Learn More?

We invite you to attend our Healthcare Security Forum in Boston, October 15-16.
Security breaches within healthcare organizations are inevitable, which means being prepared is critical for patient safety and keeping your reputation intact. Join fellow experts and peers for the updates, strategies and connections that will help you create a framework for creating a proactive, resilient security strategy. Learn more and register | Use code PSCOMM to save $200