

Security Fixes Kill Hospital Patients

2015 ‘security fixes’ on computers resulted in 34 to 45 more deaths per 1,000 heart attack patients

From another article in Dark Reading. The data is old (the most recent is from 2015), and updated data should be collected because we learn and change how we deal with security breaches. The underlying reason, however, seems very timely: clinicians trying to use hospital computer systems after a vulnerability is “fixed” face radical problems getting access to care for patients, and as a result more patients die because the security “fix” prevents timely care. In medical terms, we would say “The cure is worse than the disease.”

Healthcare IT systems may show that shock in slower and more disruptive change than those in other industries because they start from a relatively weakened position security-wise. “For the most part the healthcare industry, and especially the providers, has been a laggard for information security,” says Larry Ponemon, founder and chairman of the Ponemon Institute.

When hospitals respond to a breach, the response tends to have a major impact on their legitimate users. According to Choi’s research, “new access and authentication procedures, new protocols, new software after any breach incident is likely to disrupt clinicians.”

That disruption is where the patient is affected, through inaccurate or delayed information reaching the people caring for them. And how much, in blunt terms, can that effect be? The study says an additional 34 to 45 deaths per 1,000 heart attack discharges every year.

Read the article at https://www.darkreading.com/endpoint/privacy/fixing-hacks-has-deadly-impact-on-hospitals/d/d-id/1331386. I had a link to the study here also, but the link goes to a “registration” web site. You can follow that link in the Dark Reading article if you so desire.


Articles of Interest

5 Things To Know About CISA

Despite criticism from privacy advocates, the Cybersecurity Information Sharing Act passed through the Senate yesterday.
Yesterday, S. 754, the Cybersecurity Information Sharing Act (CISA) passed through the Senate, despite protests from privacy advocates and many information security and technology companies. A related bill passed through the House earlier this year; now CISA will go through a conference stage before heading to the President. http://www.darkreading.com/analytics/5-things-to-know-about-cisa

It’s not a law yet, but here are a few things to know about CISA, going forward.

SSD Pricing Vs. HDD Costs

Any way you cut it, solid-state drives are becoming a better bargain than hard disk drives.
In some ways, the solid-state drive/flash market is a clear example of irrational behavior. We have a product that supercharges systems and reduces overall costs by large factors, but buying that product often seems to hinge on the price of the device itself. http://www.networkcomputing.com/storage/ssd-pricing-vs-hdd-costs

Wireshark: Editing A Packet

In this video, Tony Fortunato shows how a new feature in the Wireshark network analysis tool allows you to sanitize the information in a trace file before sharing it.
There are many situations where you wish you could share a trace file with a vendor, but you can’t because the packets may contain sensitive data such as corporate identifying information, IP addresses, and passwords. http://www.networkcomputing.com/networking/wireshark-editing-a-packet



But then there is the user

Security never relies on some algorithm, but on the user comprehending the principles and acting sanely. Usually there is a chain of security and every link must be kept secure on its own, for the whole concept to work. Therefore every encryption method has some immanent weaknesses which once met, define a method as considerably secure. But then there is the user…

http://wiki.openwrt.org/doc/techref/signature.authentication