Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

End of Bibblio RCM includes -->
8/25/2015
10:30 AM
Marilyn Cohodas
Marilyn Cohodas
Slideshows
Connect Directly
Twitter
LinkedIn
RSS
E-Mail

Ouch! Feeling The Pain Of Cybersecurity In Healthcare

There are lots of reasons why medical data is so vulnerable but the sheer numbers at risk speak volumes about the scale of the problem.
2 of 7

Image Source: Keeper Security 
These numbers speak volumes!

The statistic on healthcare is from the Poneman study. The U.S. population figures are from a Department of Health and Human Services report reviewed by The Washington Post. That's one-third of the U.S. population.
Image Source: Keeper Security

These numbers speak volumes!

The statistic on healthcare is from the Poneman study. The U.S. population figures are from a Department of Health and Human Services report reviewed by The Washington Post. Thats one-third of the U.S. population.

2 of 7
Comment  | 
Print  | 
//Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
8/29/2015 | 11:37:43 PM
Re: Worries
@Marilyn: This is really an excellent illustration of today's data economy.  Companies ask consumers/individuals for their data, and in exchange they get valuable services, goods, etc.; otherwise, you have to pay a premium.  Self-pay at medical centers and not going through or having health insurance can get to be a pretty steep price indeed for protecting one's data.
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
8/29/2015 | 11:35:43 PM
Re: Worries
@Dr. T: I think you have a viable screenplay idea there.  ;)
Dr.T
Dr.T,
User Rank: Ninja
8/28/2015 | 7:06:39 PM
Re: Worries
I hear you. Good point. On the other hand self-pay would either go to Apple Pay or Google Pay, and I wonder when we will hear the news that they are compromised.
Dr.T
Dr.T,
User Rank: Ninja
8/28/2015 | 7:03:18 PM
Re: Worries
I agree future is more complex than what we see today. There will be improvement on the systems but security vulnerabilities will still be exploited since there will be more complex tools to do that.
Dr.T
Dr.T,
User Rank: Ninja
8/28/2015 | 7:01:07 PM
Re: Worries
That is not a bad strategy. I bet China would still figure out a way of cloning the person and identifying the health issue in that way. There is always ways to do that. :--))
Dr.T
Dr.T,
User Rank: Ninja
8/28/2015 | 6:58:53 PM
Re: Worries
It makes me uncomfortable too. We have been hear more vulnerabilities in government systems than private sector. This by itself is a problematic situation. Why would a small private company spend money on security if government does not.
Dr.T
Dr.T,
User Rank: Ninja
8/28/2015 | 6:55:52 PM
Overall Security strategy
I think its start from top to down: Strategy. Until companies get hit by themselves they do not think it will happen to them and they do not have any real security strategy to start with.

 
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
8/28/2015 | 8:05:11 AM
Re: Worries
And if you self-pay, Joe, that's one less database your PII goes in! :-0 
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
8/28/2015 | 8:02:26 AM
Re: Worries
Whoopty,I think you are probably right. This is just the tip of the iceberg. We'll be seeing a lot more of this in the coming months.. and years..
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
8/26/2015 | 11:43:04 PM
Re: Worries
Better start going to several different doctors and complaining of several different maladies, presenting with different medical histories, to each.  ;)

Of course, then you'd probably have to self-pay.  But then at least China won't really know what your health issues are.  ;)
Page 1 / 2   >   >>
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1172
PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
CVE-2023-1469
PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
CVE-2023-1466
PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
CVE-2023-1467
PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
CVE-2023-1468
PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...