The U.S. Department of Health and Human Services (HHS) says that it will make the security of mobile devices containing personal health information and networked medical devices areas of intense scrutiny in 2014. The security of a wide range of devices, from laptops and USB ‘jump drives’ to networked medical devices like dialysis machines and medication dispensing systems will be under review, according to a 2014 Work Plan issued by HHS’s Office of the Inspector General (OIG). (PDF) Among other projects, the OIG will review hospitals’ plans to protect the loss of protected health information (PHI), as well as similar plans put in place by Medicare and Medicaid contractors in the next year. OIG will also scrutinize security controls at hospitals that protect networked medical devices. OIG wants to determine if the controls in place are adequate to secure electronic protected health information stored on medical devices. Links between networked […]
HHS
The Security Week In Review: Same Breach, Different Day
It’s the end of another week and, as has become a pattern, we’re weighing the impact of another massive data breach: this one at Cupid Media, the owner of a network of dating web sites. According to a report on Krebsonsecurity.com, data on some 40 million Cupid Media customers turned up on the same servers that were found holding data stolen from Adobe Inc., PR Newswire and other victims. To get a handle on the impact of this breach and others like it, I invited Ted Julian, the Chief Marketing Officer of CO3 Systems, to talk about the recent string of embarrassing breaches and how companies go wrong (and sometimes right) in responding to them. Co3 sells a service that helps companies structure their response to data breaches and other adverse incidents. We also took the time to talk about the recent FTC Workshop on security and privacy on The […]
Health Exchanges Need A Fail Whale
In a blog post on Veracode’s blog today, I write about the problems encountered at government-run online health exchanges that were intended to connect millions to private insurance plans under the Affordable Care Act. The exchanges opened to the public on Tuesday, and they got off to a rocky start, with reports of web sites paralyzed as millions of uninsured Americans logged on to sign up for subsidized health insurance. In some cases, the problems appear to have been caused by “external factors.” New York State’s online health exchange was felled by the weight of more than 10 million requests of dubious origin, The New York Post reported. But other exchanges, including Healthcare.gov the federal government’s main health insurance storefront, which is used by residents or more than half of the states, were victims of their own success: overwhelmed when the doors swung open and millions of eager customers poured […]
