Medieval Diseases Find New Vector In United States: The Homeless
via Anna Gorman writing at The Atlantic (along with Kaiser Health News) are sounding the klaxxon horns in warning of an astonishing fact in the United States: The influx of infectious diseases in the homeless populations of several states. This my friends, is a true and deadly emergency.
And then, there's this...
Russia Flogging Zero-Day Exploits →
via Joseph Cox, writing at Motherboard (a Vice property), tells ths unfortunate tale of a Russian company selling zero-day exploit code, targeting hospital software... Today's MustRead. H/T
"Gleg offers several different packs of exploits for clients: Agora covers mainstream web software; the “SCADA+ Pack” is focused on “industrial software and hardware environment” issues, and, predictably, the MedPack includes vulnerabilities for medical software. A one year subscription for MedPack costs $4,000, and for that Gleg provides 25 exploits per year, most of which are zero-days, Gurkin wrote." - via Joseph Cox, writing at Motherboard (a Vice property)
Reconnaissance Worm →
Danny Palmer - of ZDNet - tells a tale of a new (and ostensibly - mysterious) worm, evidently targeting health care contraptions (reportedly X-Ray Photography Systems and MRI Scanners). There is some discussion attributing the attacks are performing reconnaissance...
Healthcare Systems - Ransomware Targets →
Superb accounting of the built-to-fail systems in healthcare, and the predeliction of those same systems towards victimization by ransomware attacks. Via Robert N. Charette writing at the IEEE's Spectrum Magazine.
NCCOE Heralds Release of NIST SP 1800-8 Securing Wireless Infusion Pumps
The National Institute of Standards and Technology (NIST) National Center for Cybersecurity Excellence (NCCOE) has released it's latest draft medical device related security document, entitled 'NIST Special Publication 1800-8 Cybersecurity Special Publication 1800-8 Securing Wireless Infusion Pumps - In Healthcare Delivery Organizations'. Authored by Gavin O'Brien, Sallie Edwards, Kevin Littlefield, Neil McNab, Sue Wang and Kangmin Zheng - the document is available as either a PDF or web-based artifact. Enjoy.
"Medical devices, such as infusion pumps, were once standalone instruments that interacted only with the patient or medical provider. With technological improvements designed to enhance patient care, these devices now connect wirelessly to a variety of systems, networks, and other tools within a healthcare delivery organization (HDO) – ultimately contributing to the Internet of Medical Things (IoMT)." - via the National Center for Cybersecurity Excellence (NCCOE)
The Majority Compromised →
Lucas Mearian, writing at ComputerWorld, regales us with the astounding truth: The majority of health care providers and health plans/insurers have been compromised.
All of that is compounded by the same companies transfering risk, in the vainglorius hope they are better off for it.
NCCoE Releases NIST Cybersecurity Practice Guide Targeting Health Records →
The National Institute of Standards and Technology's (NIST) National Cybersecurity Center of Excellence (NIST NCCoE) has released a new draft practice document entilted NIST Cybersecurity Practice Guide, Special Publication 1800-1: "Securing Electronic Health Records on Mobile Devices".
Targeting health care records (stored electronically), these artifacts are well-crafted first-rate (but draft, after all) information security documents. Available in both sections and in full (a compressed file also containing a manifest, and a number of template files is noted later in this post).
The Comment Period is open until September 25, 2015 (inclusive). The NCCoE has committed to allowing comments to be submitted anonymously, will be make public those commentaroes after review. Submit comments online or via email to HIT_NCCoE@nist.gov.
Sections Available
(1) SP 1800-1a: Executive Summary (2) SP 1800-1b: Approach, Architecture, and Security Characteristics (3) SP 1800-1c: How-To Guide (4) SP 1800-1d: Standards and Controls Mapping (5) SP 1800-1e: Risk Assessment and Outcomes
Full Zip Document Archive
No Signal →
Well written report on the 'plight' of folks that reside in Green Bank, West Virginia, [story by Michael J. Gaynor, and photography by Joshua Cogan, appearing in the often erudite The Washingtonian]. The unfortunate/fortunate circumstance for resident of the town is a complete ban on wireless networking and other devices that interfere with the utilization of the radio-telescope equipment ensconced at the National Radio Astronomy Observatory, home of the Robert C. Byrd Green Bank Telescope.
The truly fascinating component to this story is of the towns attractiveness to folks that are electrosensitive. Electrosensitives [also known as Electromagnetic Hypersensitives] are humans that suffer deleterious effects when exposed to much of modern technologies [in this case, electro-magnetic fields, and the like]. Absolutely fascinating [regardless of certain aspects of this syndrome I am reasonably skeptical]. You be the judge...
Heart of Cheney
Apparently Dick Cheney (one our former Veeps and President of the Senate) fearing for his life, decided to terminate the in-built wireless capabilities of his lifeline. In this case, none other than his implanted heart defibrillator.
We are bound to discover more of this behavior going forward given the paucity of medical device security, and the need to access telemetry from these life giving, and sustaining machines, without invasive measures.
2014/11/07: As an addendum to this post, it behooves me to add I have great respect for Mr. Cheney. His efforts to control his own destiny, medically and otherwise, are exceedingly admirable.
Triaged
News, via Jordan Valinsky, writing at Gizmodo, detailing the use by some health care facilities - of big data extracts- and focusing on the credit card data contained therein. Perhaps you may be wondering why and how credit card data may be relevant to determining health payment statistics... Stay tuned and examine the Bloomberg Businessweek article where clarity may be provided in regards the use of spending information and illness in homo sapiens spendthriftus.
"According to Bloomberg Businessweek, it's currently being used by Carolinas HealthCare System, which is using that type of data to survey the health of its two million members." - via Jordan Valinsky at Gizmodo