Medical devices are increasingly used by cybercriminals to compromise networks, systems and patient data, says Dr. Jack Lewin of the consultancy Lewin and Associates, who's also chairman of the National Coalition on Health Care. That's why physicians should be advocates for better device security.
The lack of skilled personnel is hampering incident response, but automation can help, says Mike Fowler of DFLabs. Providing responders with "playbooks" for step-by-step incident response processes, for example, is essential, he contends.
Connected medical devices are a significant potential new attack surface that may not be covered by security tools and systems, says Ariel Shuper of Check Point Software Technologies. How can healthcare providers immunize their medical devices against threats before they are compromised?
Securing access pathways is just as critical as securing user credentials, says Sam Elliott, director of security product management at Bomgar, who points out that too many organizations overlook some fundamental steps.
Because cyberattacks continue to bypass next-generation security technologies, it's important not to underestimate the role humans play in attack detection and threat mitigation, says Rohyt Belani of PhishMe.
A commentary on the need for developers to be more deliberate in securing IT products leads the latest edition of the ISMG Security. Also featured: A report on Congress tackling voting machine security.
The healthcare sector's cybersecurity efforts needs to shift from a focus on protecting patient information confidentiality to protecting patient safety, says Joshua Corman, co-founder I Am The Cavalry, a grassroots, not-for-profit cyber safety organization.
Beleaguered ride-sharing service Uber has informed Britain's privacy regulator that 2.7 million U.K. riders and drivers had personal details exposed by the massive 2016 data breach that it covered up for a year.
Apple's latest desktop operating system, High Sierra, has a massive vulnerability that allows anyone to create, without a password, a "root" account that has access to all files on the computer. It's the third authentication-related fumble found in High Sierra since its general release in September.
Canadian citizen Karim Baratov has pleaded guilty to targeting more than 11,000 webmail accountholders to steal their passwords, including targeting 80 Gmail accounts at the request of an alleged Russian intelligence agent tied to a 2014 hack attack against Yahoo that exposed 500 million accounts.
From GDPR to the NIST Cybersecurity Framework, vendor risk management is a key component of every new piece of cybersecurity guidance. Yet, security leaders still struggle to inventory and assess their strategic partners. Sam Kassoumeh of SecurityScorecard explores the challenges.