IT
Scooped by Camino Info Services

Preparing for HIMSS16

Camino is returning to HIMSS16, hosted in Las Vegas, in booth 11410. Come visit to learn how, with our partners, we are working to transform health IT.
Scooped by Camino Info Services

Office 365 Features and Benefits | Camino IS

The list of Office 365 features and benefits is impressive, as is the list of businesses enjoying them. Which are the best fit for you? (844)IT-SOLVE
Scooped by Camino Info Services

Server 2003 R2 Support - Camino Information Services

Seeking Server 2003 R2 support for your business? Camino IS announced today that their IT technicians are offering this service to users of the product.
Scooped by Camino Info Services

What’s “The Cloud” Anyway?

What is the cloud anyway? Where is it? Is it safe? How much does the cloud cost?
Scooped by Camino Info Services

What Does “The Cloud” Mean for Health Information Technology? | Camino Information Services

Camino Info Services's insight:

Where will the cloud take Health IT?

Scooped by Camino Info Services

What are Hospitals Doing with All That Big Data? | Camino Information Services

Scooped by Camino Info Services

What Does 'the Cloud' Mean for Healthcare and Clinical Labs?

What Does 'the Cloud' Mean for Healthcare and Clinical Labs? read SelectScience news in the SelectScience scientific news archive
Rescooped by Camino Info Services from Healthcare and Technology news

Just How Secure Are IT Networks In Healthcare?


“Most devices have no security applications on them at all. Anyone can just get in and manipulate whatever they want.” Hospital Chief Information Security Officer as quoted in McKinsey Report ‒ Risk & Responsibility in Hyperconnected World

Earlier this year, Norse ‒ a leading Security Intelligence vendor ‒ provided network analysis for a SANS Institute report on cybersecurity (here). Using their global sensor network,  Norse identified the following malicious activities by healthcare entities from September 2012 through October 2013:

49,917 unique malicious events
723 unique malicious source IP addresses
From 375 compromised healthcare-related organizations based in the U.S.

Norse reran their analysis for just the first half of 2014 and found:

14,729 unique malicious events
567 unique malicious source IP addresses
From 357 compromised healthcare-related organizations based in the U.S.

The malicious events and IP addresses are the real red flags because these are devices that should not be communicating with the Norse sensor network. The fact that they are communicating with the Norse sensor network indicates that the IP address has been compromised and is likely being used by someone for unknown, but unintended purposes.

Included in the category of malicious source IP addresses was an openly visible network attached multi‒function printer (MFP). These are very common devices in every hospital, clinic and lab specifically because they are cheap and can be easily shared by everyone attached to a given local area network.

While it’s tempting to discount the lax network security associated with a small clinic or lab ‒ it helps to understand the size of the hospital in this one case.

According to Becker’s Hospital Review (here), the number of hospitals by bed count for 2009 (last available data) was roughly:

6-24 beds — 402
25-29 beds — 1,164
50-99 beds — 991
100-199 beds — 1,063
200-299 beds — 582
300-399 beds — 348
400-499 beds — 192
500 beds or more — 266

The hospital in question was in the 3rd highest category (300‒399 beds). In terms of staffing, Becker’s also estimates that this size hospital would ‒ on average ‒ employ about 1,600 people full time and another 593 part time ‒ or roughly 2,200 people total (here). As an example only, this is what a 300‒399 bed hospital looks like:

 

In other words, this is not a small facility by any measure.

So what? It’s a network attached printer. What harm can that be?

Since the device is “network attachable,” the configuration software that’s included has a login and password setup routine. The factory default is often something like “admin” for login and “12345” for password. The instructions always recommend changing the login and password as a part of the setup program.

The trouble, of course, is that many people never do. The multi-function printer’s (MFP) legacy as a dumb device makes it easy prey for simple negligence. In some cases, the setup software itself will helpfully prompt a user (any user ‒ at any time) with the actual default login and password.

Hackers, however, see these dumb devices as near-perfect (and silent) entry points. In fact, even someone who’s just curious can type the IP address into any browser attached to the internet from anywhere in the world. In effect, it’s not that the door to the network is unlocked, ajar or open. In some cases ‒ there’s simply no door at all. Just walk right in ‒ and the login credentials may even be provided by the manufacturer via a help screen.

Which is likely how the MFP printer in question wound up on Norse’s sensor network.

I asked Norse to elaborate on the possibilities from this entry point as an “admin” for the printer. The full list is daunting, but here’s a short summary.

From this point a hacker can easily add special routing so that anything that’s printed, faxed, or scanned can be automatically sent to an outside recipient without any notification or alerts ‒ indefinitely.
A hacker can access documents that are potentially stored on the device, such as those that have been scanned or printed in the past.
A hacker can use the printer as a “jumping off point” by uploading their hacking tools to this device and then using it as a bridge to other networked devices and thereby access potentially sensitive information such as ePHI.
A hacker could then use the hospital network to attack other organizations with impunity (such as denial‒of‒service attacks or botnets) which in turn could expose the hospital to a lawsuit.

All through a device that looks like one of these ‒ costs less than $200 ‒ and is rarely monitored once attached to a network.

 

An easy follow-on question, of course, is how many other MFPs in this hospital are network attached? More globally, how many other devices like video surveillance cameras, infusion pumps and x-ray machines are also simply plugged into the network of any hospital, clinic or lab with the factory default configuration?

As with every sizable healthcare facility, the hospital that tripped the Norse sensor network with malicious activity proudly displays their “Privacy Policy” on their website with this opening sentence:

“We are committed to protecting the confidentiality of your medical information, and are required by law to do so.”

That phrase, it turns out, is very popular. So popular that Google returned 6,750,000 results. Yes, they are required to protect your data, but the law they’re referencing ‒ HIPAA ‒ is designed to penalize a known data breach. Hospitals are legally required to report breaches that they know of, but the real hacker threat is one that simply steals data silently without a trace. As the Norse study suggests, there are potentially thousands of healthcare breaches that happen for malicious purposes that are unknown (and therefore unreported).

“Malicious traffic monitoring is a core competency here at Norse and what we’re seeing in the healthcare sector compared to other sectors like financial services is really alarming. Regardless of the external factors that have placed the healthcare vertical in this vulnerable state, their leadership must become more familiar with today’s threats or face the consequences of the loss of their most important data – patient information.” Sam Glines – CEO of Norse

The McKinsey study released earlier this year estimated that the global aggregate economic impact of building more cyber-resilience could be as high as $3 trillion. Global forecasts aside, the healthcare industry was specifically referenced in multiple ways as being well behind the cyberthreat curve.

A relatively high proportion of the healthcare executives we interviewed believe that the sophistication or pace of cyberattacks will increase quickly, and all of them agreed that attackers’ capabilities will likely outpace the capabilities of their organization. The healthcare sector appears to be the most underdeveloped, with 56% of healthcare respondents believing that their company spends insufficiently on cybersecurity. Risk and Responsibility in a Hyperconnected World ‒ McKinsey

 

 


Via Technical Dr. Inc.
Scooped by Camino Info Services

IT Services Houston

Camino Information Services is a capable provider, fulfilling the IT services Houston needs with a highly qualified team of talented engineers and techs.
Scooped by Camino Info Services

Office 365 Business Trial | Camino Information Services

Sign up for your free 30 day enterprise E3 Office 365 Business Trial courtesy of Camino Information Services. Or call (844)IT-SOLVE to set up your cloud.
Scooped by Camino Info Services

The Future of Health IT Companies - Camino Information Services

Health IT companies are walking into an always shifting landscape when they hang their shingle for the first time. Going forward, these health IT companies, like ourselves at Camino Information Services, have an expanding role in the broader healthcare market, particularly in the
Scooped by Camino Info Services

The 3 Ways Microsoft Just Changed the Face of Education | Camino Information Services

Camino Info Services's insight:

(And you probably didn't hear about it) 

Scooped by Camino Info Services

Advantages of Cloud Computing [Infographic] | Camino Information Services

Camino Info Services's insight:

The advantages of cloud computing extend to far greater cost savings and production advantages than simply emails and storage.  With expanding uses of big data and blinding rates of information production, the cloud service industry is expecting booming growth with 60% of businesses listing cloud adoption as their number one priority.

Scooped by Camino Info Services

New Location for Camino Information Services | Camino Information Services

Rescooped by Camino Info Services from Healthcare and Technology news

FDA proposal a huge boost to mHealth innovation | mHealthNews


In what's being hailed as a positive step for mHealth innovation, the U.S. Food and Drug Administration has freed dozens of mobile medical devices from the requirements of increased regulation.

The 12-page document issued on August 1 is part of the FDA's draft guidance for the regulation of mobile medical devices and apps. In this latest posting, the FDA has proposed that it will not require premarket submission requirements from certain Class I and II medical devices under the reserved criteria of section 501(I) of the Federal Food, Drug and Cosmetic Act of 2012.

The proposal is "a huge boost to the mHealth industry," said Bradley Merrill Thompson, an attorney for the Washington D.C. law firm of Epstein Becker Green and counsel for the mHealth Regulatory Coalition.

He said it exempts a number of devices, such as thermometers, stethoscopes, talking first aid kits, hearing aids, fertility diagnostic devices and exercise equipment.

Thompson told mHealth News the categories targeted by the FDA are home to some of the newest mHealth innovations – like apps that turn cellphones into stethoscopes, or hearing aids and those that help users exercise – but they don't present a risk to the user, a key ingredient to the requirement for more stringent regulation.

The FDA "is being very practical and not wanting to apply regulatory requirements where the risks don't merit them," he said. "It also suggests that FDA is working hard to communicate more precisely to the whole industry, including the mHealth sector, its regulatory expectations."

The devices identified by the FDA in its latest guidance fall under the following categories:

Anesthesiology devices
Cardiovascular devices
Dental devices
Ear, nose & throat devices
Gastroenterology and urology devices
General and plastic surgical devices
General hospital and personal use devices
Neurological devices
Obstetrical and gynecological devices
Ophthalmic devices; and
Physical medicine devices.

Thompson said mHealth advocates are awaiting further guidance from the FDA on other categories as well. In particular, regulators will need to clarify the difference between wellness claims and disease claims, a growing concern as the mHealth industry blurs the lines between health and wellness tools and clinical tools. The agency also needs to take a closer look at accessories, or devices that, when plugged into a medical device, become medical devices themselves.

"That's a big issue for mobile health where cell phones and other accessories are routinely now being connected to medical devices to transmit data back to a caregiver," he said.

Another "huge issue" he said the FDA needs to take a closer look at is clinical decision support apps, which have the potential to affect how a clinician delivers care.

 

 


Via Technical Dr. Inc.
Rescooped by Camino Info Services from Healthcare and Technology news

Health IT mergers on upward climb | Healthcare IT News


Mergers and acquisitions for the health IT market continue to see big numbers, with total deal volumes increasing 18 percent since the second half of 2013, according to a new Berkery Noyes trend report.

The report, which analyzed M&A activity during the first half of 2014 and compared it with previous years, found aggregate value increased nearly 50 percent, from $3.7 billion up to $5.5 billion.

The overall deal volume for the healthcare IT segment also saw an increase of 17 percent, going from 65 to 76 transactions, marking the segment's biggest increase on a half year basis since 2012, officials noted. The big deals for 2014 thus far included Summit Partners' acquisition of Ability Network for $550 million; ISG Holdings being acquired by Xerox for $225 million, and Emdeon's $115 million acquisition of healthcare revenue cycle management company Capario.

[See also: Big growth forecast for health IT market.]

"In the rapidly changing healthcare information/technology marketplace, both strategic and financial buyers are on the hunt for attractive acquisitions of scale," said Tom O'Connor, managing director at Berkery Noyes, in a July 21 press statement announcing the report. "Companies with good scale, recurring revenue and high growth rates with a large addressable market opportunity, whether they are long-term care information/education/technology providers, revenue cycle management, point-of-care information solutions or one of many other attractive niches, are in high demand from both private equity and strategic buyers."

O'Connor called the market a "seller's market."

[See also: Health IT attracting huge investments.]

"Private vendors of tech-enabled healthcare solutions continue to be in high demand by both strategic and financial buyers," added Jonathan Krieger, managing director at Berkery Noyes, in a statement. "There is a supply and demand imbalance where buyers looking to broaden their exposure to the $3 trillion healthcare space with very favorable underlying growth drivers continue to exceed the number of sellers, and as a result multiples being paid are very attractive to sellers."

Other market segments included in the report also showed considerable growth. Pharma IT, for instance, increased from 15 to 24 transactions, with the largest deal being Dassault Systemes' $652 million acquisition of Accelrys Software, a scientific lifecycle management software company. The consumer healthcare segment also fared well, seeing increases of 16 to 21 transactions.

 

 


Via Technical Dr. Inc.