• Cyber-security
  • The USA's Privacy & Security Forum

    Healthcare privacy and security experts from around the U.S. will gather in Boston from 8-9 September to share information and strategize on how to combat cybercrime, insider threats and other pressing challenges to patient data. The conference comes at a critical time. Less than a month ago, 4.5 million patients' data at the Franklin, Community Health Systems was affected in a breach. It was the second largest HIPAA breach ever reported.

    The two-day Privacy & Security Forum, presented by HIMSS Media and Healthcare IT News, will have 43 speakers and include 19 sessions. Roughly 250 people are expected to attend. Speakers will represent various US healthcare organisations including Aetna, Kaiser Permanente, Beth Israel Deaconess Medical Center, Partners Healthcare, Parkland Health & Hospital System and Seattle Children’s Hospital. They will address issues such as cybercrime, medical device security, risk mitigation, HIPAA regulations, and vendor and other 3rd party compliance, among other topics.

    “When it comes to privacy & security, the stakes have never been higher,” said Mike Moran, the forum’s program director. “Our goal with the forum is to create an environment that allows attendees to share information and best practices with each other, and learn from some of the best healthcare privacy-and-security experts in the country.”

    While Africa’s eHealth environment is vastly different to that of the US, there is no reason why African countries can’t learn from the US’s mistakes. These lessons could help African countries to develop tools to side-step pitfalls and mitigate risks more effectively.

  • Some cyber-security is elementary

    The image of an arch criminal as a gruesome genius seeking to bring down the cyber world with dastardly deeds that release viruses into the ecosystem may only be partly true. They can also be cunning foxes, just out to make a good and easy living at other people’s expense. Norton’s latest newsletter, which is Studio One Networks’ copyright, takes the cunning view, and describes the top five social media scams. It’s a neat checklist.

      • Chain letters: they could be from practical jokers or a spammer needing fake friends to hit up later, and many well-meaning people pass these fake claims on to others, when they should break the chain and inform their contacts of the likely ruse
      • Cash grabs: these are requests for money, sometimes from a malware-infected computer that grabbed all of its owner’s contacts and forwarded the bogus email to everyone, waiting to see who would rise to the bait
      • Hidden charges: these ask you to do things, like answer a superficial question, then enter your information and cell number, and after a few minutes you’re a regular subscriber to a trivial and dubious service
      • Phishing requests: these use fake email addresses and landing pages that ask you to enter your security information
      • Hidden Uniform Resource Locators (URLs): a shortened URL, seen in many tweets, conceals the full location, so clicking on a malicious URL may connect directly to a site that downloads and installs malware.

    An important feature of bogus hidden URLs is that they like to mimic legitimate sites that attract lots of visitors. The big-scale opportunities are the lure for criminals.

    While Norton’s newsletter tends to focus on individual users, its checklist is just as appropriate for healthcare organisations. Both the cunning criminal and the arch criminal need repelling.

  • Need help with growing security risks?

    Anxiety disorders have many manifestations. One is wondering about cyber-attacks. Another is wondering where the data breaches are. Data Protection Strategies for the Health IT Pro, a SearchHealthIT ebook, might help. Its focus is encryption.

    The simple principle is that protecting patient data is a major priority for all healthcare organizations. Using encryption technology strategically throughout an organization can prevent data from falling into the wrong hands. The task begins with a rigorous risk analysis. With data security seemingly easy to breach, the ebook sees data encryption as essential.

    The report is free. To download it, go to the SearchHealthIT website, create an account if you do not have one already, and download it. If you go to the Expert E-books page, there are many other valuable publications.

  • Cyber-security has another front

    Coping with data breaches is not enough. Denial of Service (DoS) is an increasing threat. CloudFlare, a web performance and security company, says a recent malicious attack exploited a fundamental vulnerability in the Network Time Protocol (NTP), a system used to synchronise computer clocks. The BBC carries the report, which predicts a growth in DoS attacks that bring a system down.

    There are thousands of NTP systems globally. Many of these protocols are essential, but not secure.

    NTP began in 1985. It operates mainly in its original way, despite changes and developments. NTP transactions are usually small in volume. It is vulnerable in two main ways. One is that the amount of data an NTP server sends back is bigger than the amount it receives, amplifying an attack. The other is spoofing the original computer’s location, tricking the NTP server into sending the information to another location. The recent attack seemed to use several machines spoofing their locations.

    African countries need to take cyber-security measures to deal with this increasing threat.

  • Cyber-security conference in Kenya

    With cyber-security’s rampant rise up the list of ICT priorities, Chief Information Security Officer (CISO) ICT Security Africa has its fourth summit and roundtable on 8 to 11 April in Mombasa, Kenya. MIS Training, the global ICT security training firm, is behind the initiative.

    The theme is Integrated Security to Protect Information and Technology Assets in Business and Government. The programme includes:

      • Cyber Crime Africa Threat Landscape and Security Intelligence
      • Information Security Risk and Governance Africa
      • ICT Security Africa Think Tank – Cyber Attack – Lessons Learnt and Experiences Shared on the Anatomy of a Security Breach: A Response Guide for Africa
      • Big 3 – Cloud, Big Data, Social Networking
      • Network and Application Security
      • FinSec – Cyber Security for Banks
      • Interactive Benchmarking Clinics – Developing Information Security Professionals in Africa
      • ICT Security Africa Roundtable
      • Digital Forensics and Investigations Clinic

    Registration is open on MIS Training’s secured site.

  • Firewalls for the future?

    As cyber security becomes more challenging, increasingly sophisticated tools are part of the response. Needs are becoming more sophisticated. A White Paper from IDG Connect says that, with the proliferation of cloud computing and web 2.0 technologies, firewalls have new challenges to deal with. Traditional firewalls cannot keep pace with the changing ICT landscape, are often blind to applications and are unable to prioritise productive and secure traffic within the organisation. The White Paper:

      • Sets out the capabilities of next-generation firewalls
      • Shows how they can protect business activities
      • Explains how to manage bandwidth for critical applications
      • Explores how next-generation firewalls can block p2p applications to aid productivity
      • Proposes a specific commercial solution

    The White Paper proposed eleven initiatives:

      • Control applications allowed on networks
      • Manage bandwidth for critical applications
      • Block peer-to-peer applications
      • Block applications’ unproductive components
      • Visualize application traffic
      • Manage bandwidth for a group of users
      • Block viruses from entering networks
      • Identify connections by country
      • Prevent data leaks over email
      • Prevent data leaks over web mail
      • Bandwidth-manage streaming audio and video.

    The White Paper says that Dell SonicWALL Application Intelligence and Control solves these. To access the White Paper, you need to register with IDG Connect.

  • Cyber-security supply side merger a step up

    With increasing anxiety about cyber security, two big companies with good track-records, FireEye and Mandiant, are merging. Reuters has reported that FireEye Inc has acquired Mandiant Corp. Mandiant was the company that found a Chinese military unit believed to be behind hack attacks on US companies.

    The two companies already have a technology development agreement to deploy their products together. Security experts expect the merger to increase growth in FireEye’s cloud-based systems for detecting malicious software and Mandiant’s software that analyzes cyber attacks.

    With eHealth regulation becoming increasingly important for African countries as they expand and develop their eHealth initiatives, it is reassuring to know that cyber-security providers are increasing their scale and improving their potential to combat threats. It makes cyber security goals for eHealth more viable.

  • Privacy, confidentiality, security in Sri Lanka: A comparative analysis

    Countries are never the same, so comparisons have to be cautious. Sri Lanka has developed the informatics skills of its medical workforce over several years, and is well-placed to succeed with its eHealth initiatives. Countries following in this wake can learn from Sri Lanka.

    The Sri Lanka Journal of Bio-Medical Informatics has a report by Harshani Menaka Ratnayake on the privacy, confidentiality and security issues of EHRs. These issues are posing considerable legal challenges for the quality of records and tort-based liability because the current law does not provide sufficient legal backing for sensitive personal health data.

    Harshani Menaka Ratnayake’s report reviews legislation from the USA, the UK and the EU, including:

      • The Health Insurance Portability and Accountability Act (HIPAA) of 1996
      • The Patient Safety and Quality Improvement Act (PSQIA) of 2005
      • Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009
      • Data Protection Act of 1998 in the UK
      • EU Directives.

    The report sees opportunities in adapting suitable legislation from these. This can include:

      • Defining the criteria for establishing a valid legal record
      • Creating the data controller role
      • Laying down a clear framework for sharing personal health data
      • Defining the criteria for using EHR data for research
      • Setting measures to encourage EHR adoption
      • Setting standards
      • Developing the Computer Crimes Act to include specific provisions to deal with crimes involving EMRs.

    Gaining a wide consensus from all relevant stakeholders is essential before implementing legislation, especially ensuring that it does not hinder the ICT industry in improving Sri Lanka’s healthcare. All African countries can benefit from Sri Lanka’s approach.

  • If you think EHRs are secure, read this

    Don Marquis was a USA humorist and journalist who said “Fishing is a delusion entirely surrounded by liars in old clothes.” A literature review by Ayanthi Saranga Jayawardena in the Sri Lanka Journal of Bio-Medical Informatics has found all EHRs have security, privacy and confidentiality weaknesses.

    The study drew on 25 published articles from PubMed to identify the major issues of security, privacy and confidentiality of eHealth, especially EHRs. It then describes the current methods for overcoming them. The main finding is that eHealth users need different approaches for social, cultural and governmental factors to improve security, privacy and confidentiality. The 25 PubMed articles are about 11% of the total articles found.

    These findings are consistent with the ESA eHealth Regulation Study for Sub-Saharan Africa. It found that examples of good eHealth regulatory practice had about 60% of the regulation coverage needed.

    With cyber-security becoming a bigger challenge over recent months, and tales of security breaches emerging in a steady, often unspectacular flow, a belief in eHealth security seems like a fishing delusion. Constant vigilance and improvement are vital for all countries.

  • Cyber security conference for Africa in Nairobi this year

    After the success of last year’s East Africa IT & Cyber Security Convention, which attracted more than 300 people, the event for heads of ICT and security will this year be hosted in Nairobi, Kenya, from 28 to 29 November.

    The conference theme is “Navigating Cyber Security Threats.” It emphasizes the increasing importance of ICT security in today’s world, and exposes the region and the ICT sector to the new and emerging threats and vulnerabilities. Cyber security is becoming an essential cost that outweighs the cost of attack. Even home users try to protect themselves from it.

    The conference brings together leading cyber and ICT security experts who will provide key insights into cyber security issues surrounding cyber networks, mobile, and IT infrastructures. Cyber-crime issues such as security and resilience are critical and need addressing rigorously. The event aims to enhance participants’ understanding of the current issues and comprehensive range of possible solutions.

    eHealth News Africa has reported extensively on cyber threats and cyber security and is monitoring developments and incidents from global sources. It is encouraging to see the continuous support for the Convention.