It is clear that the healthcare industry continues to be targeted with cyber-attacks. In 2018, the 10 largest health care breaches, outlined here www.healthdatamanagement.com, include unauthorized access to protected health information (PHI) through a vendor offering claims processing, ransomware incidents, successful phishing schemes, mailing PHI to wrong addressees, hacking, a misdirected email, and a lost unencrypted hard drive. View Full Post
Wearable technology and medical devices have vulnerabilities just like anything else that is digital. ICS-CERT recently issued an advisory about vulnerabilities in Medtronic’s MyCareLink patient heart monitors. These devices are implantable cardiac devices that transmit patients’ heart rhythms directly to a provider. View Full Post
We have previously reported on the ongoing cybersecurity issues with St. Jude defibrillators [view related posts here, here, and here]. On June 29, 2018, the Food and Drug Administration (FDA) classified the required firmware updates to St. Jude defibrillators as Class 2 recalls, which is the medium-severity category of classifications that is applicable to issues where adverse health consequences are considered temporary or reversible. View Full Post
Although the U.S.-E.U. Privacy Shield Framework has been intensely criticized by E.U. Authorities, the Federal Trade Commission (FTC) continues to enforce violations of it by U.S. companies. On July 2, 2018, the FTC issued a press release that it has settled its complaint against ReadyTech, a California online training company for “falsely” claiming that it was in the process of Privacy Shield certification when it was not. View Full Post
Although the U.S.-E.U. Privacy Shield Framework has been intensely criticized by E.U. Authorities, the Federal Trade Commission (FTC) continues to enforce violations of it by U.S. companies. On July 2, 2018, the FTC issued a press release that it has settled its complaint against ReadyTech, a California online training company for “falsely” claiming that it was in the process of Privacy Shield certification when it was not. View Full Post