THCB

Categories

Tag: Security

Hacking Your Heart

7

By ALEX EPSTEIN

implanted pacemaker xray

If they can hack your home computer, your mobile phone, apps, your store, your social networks, your bank account, your gaming system, your medical records, your school records, the government and its records, and pretty much anything anyone sets their mind to – isn’t it is only a matter of time until someone finds a way to hack your heart?

Not through a musical hook or melody that you can’t shake. Or a well timed smile by someone your soul connects with. Or a box of chocolates. Or a poem. People have been penetrating the human heart with those Luddite-ish tools since the beginning of civilization.

I was thinking more about that electronic device your doctor might have implanted into your chest to keep your heart beating. Or the little box stuck in your gut to help you and your pancreas regulate your diabetes.  Or the mini-computer surgically inserted to keep your neurological systems on track.

Hacking the medical miracles put inside people to let them live longer with more normal lives.

While to my limited knowledge nobody has reported a single case and the likelihood is extremely low, it is a real enough concern that the New England Journal of Medicine published a paper about the need to improve security last year.

Continue reading…

Health Information Security and the Cloud

1

By DAN ORENSTEIN

Back in 2005, Hurricane Katrina smashed into the Gulf Coast community of Waveland, Mississippi. Among the many losses were the community’s medical files. The storm instantly wiped out more than 10,000 of Waveland Medical Center’s patient medical records.

“For the past year, we have had to rely on our memories and notecards to keep track of patient care while treating patients outside or in a tent, battling against power outages, and working without heat in the cold and without air conditioning in the summer,” said Roberta Chilimiagras, M.D., WMC’s owner, in the days after the storm.

Patients fleeing the Gulf Coast area often sought treatment elsewhere. In Houston, Melinda Amedee presented at the MD Anderson Cancer Center, saying that she had been scheduled to have a tumor removed from her kidney at a New Orleans hospital. As Time magazine reported, her case posed a serious challenge to the doctors in Houston, who had no medical records and no way of contacting her Louisiana kidney specialist.

This example – extreme as it is – highlights a critical, and often overlooked, component of the privacy and security of patient information. Health information security can be thought of as a three-legged stool—Confidentiality, Integrity, and Availability. It’s widely accepted that health information must be kept confidential. But what good is all that information if doctors and their patients can’t get to it at the critical moments? I’d argue that on a day-to-day basis, patient access to, and input on, what is in their health records is an aspect of privacy and security that deserves greater attention.Continue reading…

Cyber Insurance

2

By MICHAEL OVERLY, ESQPicture 30

Insurance exists to cover a wide range of potential business risks. Cyber insurance is worth considering as companies increase their presence, business practices and data storage online. In fact, Cyber insurance is not just for companies conducting transactions online (e.g., online retailers).

It is valuable to any company who has critical systems or sensitive data, which is almost every business. While it is possible to have insurance that covers damage to your servers and other computer equipment, it is almost certain the insurance only covers the physical damage to the hardware, itself, and not the valuable data housed within. In fact, insurance policies regularly state that the policy is limited to the replacement costs of the hardware and not the data.  This means that in the event a hacker gains access to your systems and disrupts operations, standard insurance coverage will probably offer little or no protection unless hardware is actually damaged.

The costs associated with restoring lost or damaged data, sending breach notifications to consumers, and other potential liability under each state’s breach notification statues can be astronomical. Cyber insurance can help cover some of the costs of a data breach, including the expense of sending notification to affected individuals, public relations, fines, penalties, responding to regulators and any subsequent litigation by affected individuals. The potential for attacks and breaches is growing exponentially as more and more businesses move operations to the cloud. Moreover, attacks do not necessarily derive from an outsider. Data breaches have resulted from careless, frustrated and vengeful employees who often attempt to profit from someone else’s information. Depending on the policy, Cyber insurance can offer protection from hackers, viruses, data breaches, denial of service attacks, and copyright, trademark, and website content infringement.

Continue reading…