MediTechSafe, Inc.

"Medical billing giant Episource is notifying 5.4 million people across the United States that their personal and health information was stolen in a cyberattack earlier this year." #Healthcare #Cybersecurity #RiskManagement https://lnkd.in/gN87B-df

Patient information may have been compromised in St. Joseph Hospital cybersecurity incident Get your #MediTechSafe #Fraud #Risk #Cybersecurity https://lnkd.in/gD93uphP

More than 200 appear to have had outages of services related to patient care following CrowdStrike’s disastrous crash. https://lnkd.in/eP-Ayxd9

https://lnkd.in/gYwtYpHA

https://lnkd.in/g-YaazwY

14,004 unique IPs were found to publicly expose healthcare-related devices and applications on the Internet! This should be concerning for (a) patients, (b) healthcare providers, and (c) medical devices/systems suppliers. Patients need to worry because PHI can be compromised. The healthcare providers need to worry because they can be held liable for lax security efforts. The medical device and system suppliers need to ensure that their systems don't have vulnerabilities that can be exploited. The majority of the exposed DICOM hosts were linked to independent radiology and pathology service providers as well as imaging departments at large hospitals. They had insecure configurations that allowed remote access to databases of medical images without authentication! Get your #MediTechSafe. Manage clinical asset security. Ensure your products are secure-by-design. #Neologica #AGFA #Philips #Butterfly #EPIC #KonicaMinolta #PatientSafety #PHI #Cybersecurity #RiskManagement https://lnkd.in/gxVZCzVA

University College London Hospitals NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust have been impacted. This took place by exploiting Ivanti Endpoint Manager Mobile (EPMM) software vulnerabilities (two vulnerabilities had a possibility of chaining together for even bigger exploit). Two things are important: (a) excellence in vulnerability management by users of products/software, and (b) excellence in product security management by OEMs i.e., product makers. Every party in the ecosystem needs to take cybersecurity seriously for things to work! Get your #MediTechSafe #Healthcare #PHI #NHS #Cybersecurity #Invanti #RiskManagement https://lnkd.in/ek3GWfbg

What would the estimated cost exposure to Kettering from this incident be? We estimate it to be ~$60M based on its footprint, scale, etc. "Kettering Health, a healthcare network that operates 14 medical centers in Ohio, was forced to cancel inpatient and outpatient procedures following a cyberattack that caused a system-wide technology outage." Warning: Kettering Health also confirmed reports that scammers impersonating Kettering Health employees call patients and request credit card payments for medical expenses. Kettering has stopped calling patients for payment options! Ascension health faced $1B, Scripps faced $115M, CommonSpirit faced $150M of cost from cyber-incident. Get your #MediTechSafe #Governance #Cybersecurity #FalseSenseofSecurity #Healthcare #Safety https://lnkd.in/grn2vsNv

Ascension health faced an impact in range of $1B in the past from a cyber-incident. A cyber-incident to Scripps Health cost them about $115M. A cyber-incident cost $150M to CommonSpirit. In many cases, insurances have not covered the full cost! Get your #MediTechSafe #Cybersecurity #Healthcare #Cost #AscensionHealth https://lnkd.in/ekDX8fvZ

"[Google] unlawfully collected users’ biometrics without consent. When the mother uploads video of the birthday party, Google runs facial recognition on every face detected in that video, including the faces of uninvolved bystanders in the park, restaurant, or schoolyard." This case was about noncompliance, and the importance of transparent data practices. Google was unlawfully tracking and collecting users’ private data: - Location Tracking Without Consent: Google captured location data from other settings even if location traffic was turned off. - Collecting Biometric Data: Google collected biometric data such as voiceprints and facial geometry from Google Photos/Assistant. - Unclear Privacy Controls: Google buried or obscured privacy settings, making it harder for users to control some of that. Users -- Do we think twice before entering information in chat boxes (they could be going in companies' databases), uploading information on various portals, signing up for free or paid services that take certain information, etc.? Once/if those companies are breached, you remain vulnerable for very long time! Do we think about the risk-reward fully? Companies -- Do you realize how much liability you could be taking on when you collect user information? Do you do risk-reward calculation? Does your marketing department sufficiently think in terms of legal/regulatory/compliance risk? Now all that data could be fed in to AI models! #Privacy #Safety #Security #BusinessModels https://lnkd.in/gpAqUmzE