Zero Day
The Threat in Cyberspace: To succeed in addressing risks in the digital universe, global leaders must understand one of the most complex, man-made creations on Earth: cyberspace. View the series.
Video: Government and business leaders in the United States and around the world are rushing to build better defenses - and prepare for the coming battles in the digital universe. To succeed, they must understand one of the most complex, man-made environments on Earth: cyberspace.
The agency has urged hospitals to allow vendors to guide them on security of sophisticated devices. But the vendors sometimes tell hospitals that they cannot update FDA-approved systems, leaving those systems open to potential attacks. In fact, the agency encourages such updates.
“A lot of people are very confused about FDA’s position on this,” said John Murray Jr., a software compliance expert at the agency.
Timeline: Explore some of the technological advances that led to cyberspace and some examples of notable hacks.
A Government Accountability Office report in August noted that defibrillators and insulin pumps are vulnerable to hacks. In July, one researcher-hacker was able for the first time to use a specialized search engine called Shodan to discover a medical device, a wireless patient glucose monitor in Wisconsin, linked to the Internet and open to hacking.
The Department of Health and Human Services is overseeing the move to electronic health records systems, some of which have documented security vulnerabilities.
John Halamka, a physician and Harvard University professor who is co-chairman of the HHS health information technology standards committee, said security in the health-care industry is “not as good” as in other industries. But he added that the industry is aware of the problems and is scrambling to make improvements.
“It’s completely headed in the right direction,” he said.
But Laurie Williams, a computer scientist at North Carolina State University, said health care remains widely vulnerable.
“There are basic, basic, Security 101 vulnerabilities we identified,” said Williams, who was among a team of researchers that identified numerous security flaws in several electronic heath records systems two years ago. “I’m concerned that at some point the hackers are really going to begin exploiting them. And that’s going to be a scary day.”
A lingering issue
Questions about the cybersecurity of medical systems have been simmering for more than a decade. But the issue has intensified as hospitals embrace wireless devices and electronic records. Some health-care officials assumed that their networks were too obscure, or offered too few financial enticements, to be of interest to hackers.
Information technology executive Peter Tippett, the chief medical officer for Verizon, said the threat from cyberspace should not be overstated. Simple theft of laptops and other devices make up the bulk of incidents.
“The fact is, there aren’t many attacks,” said Tippett, who oversees ICSA Labs, an independent division of Verizon that tests electronic health records systems and other security products for government certification. “The bad guys so far at least have been looking for money.”
Still, Tippett acknowledged that health care ranks near “the bottom of the list” of industries in terms of cybersecurity. “It’s about like retail,” he said.
In July, a consortium of hospitals, health plans, pharmacies, drug companies and government agencies called the Health Information Trust Alliance launched a cybersecurity incident response and coordination center to defend against “cyber crime, cyber espionage and cyber activism.”
The Post MostMost-viewed stories, videos, and galleries in the past two hours
Loading...
Comments