Healthcare Organizations Under Siege From Cyberattacks, Study Says

Posted by Soulskill
from the it's-hip-to-ignore-hippa dept.
BigVig209 sends this report from the Chicago Tribune: "A new study set to be officially released Wednesday found that networks and Internet-connected devices in places such as hospitals, insurance companies and pharmaceutical companies are under siege and in many cases have been infiltrated without their knowledge. ... In the report, the groups found from September 2012 to October 2013 that 375 healthcare organizations in the U.S. had been compromised, and in many cases are still compromised because they have not yet detected the attacks. ... 'What's concerning to us is the sheer lack of basic blocking and tackling within these organizations,' said Sam Glines, chief executive of Norse. 'Firewalls were on default settings. They used very simple passwords for devices. In some cases, an organization used the same password for everything.'"

  • by Opportunist (166417) on Wednesday February 19, 2014 @07:22AM (#46284557)

    The problem is, comply with WHAT? Have you ever read the various "standard compliance requirements"? They're usually worded in a way that leaves holes big enough to move planets through. You'll find a lot of talk about "reasonable" and "adequate" security without any kind of definition whatsoever of what these words would mean.

    You will NEVER EVER find something that they could be pinned with, like "leave no default passwords" or "no guest accounts" or even "stateful firewall with [[list of features]]". Never. No chance.

    Of course it's a consultant's dream because no matter what you sell, you're complying. And it's of course no problem for the customer in question to be compliant with rules like that.

  • Simple solution (Score:2, Insightful)

    by Anonymous Coward on Wednesday February 19, 2014 @08:35AM (#46284837)

    We need a law (or laws) that place very painful penalties on any business or organization that suffers a data breach through their own negligence.

    The right wingers who run a lot of these businesses just love to talk about the magical results we can get by relying on the free market. Well, let's see them put their money where their mouth is. Currently, they can be sloppy with their IT practices and pay virtually no price even when something goes wrong that causes considerable pain to their customers/users and society at large. It's a classic externalized cost. Internalize it via triple-damages penalties or something similar, and I guarantee that their IT practices will improve dramatically in a matter of weeks.
