Information Security with Occasional Forays into Other Realms
via Anna Gorman writing at The Atlantic (along with Kaiser Health News) are sounding the klaxxon horns in warning of an astonishing fact in the United States: The influx of infectious diseases in the homeless populations of several states. This my friends, is a true and deadly emergency.
And then, there's this...
via Joseph Cox, writing at Motherboard (a Vice property), tells ths unfortunate tale of a Russian company selling zero-day exploit code, targeting hospital software... Today's MustRead. H/T
"Gleg offers several different packs of exploits for clients: Agora covers mainstream web software; the “SCADA+ Pack” is focused on “industrial software and hardware environment” issues, and, predictably, the MedPack includes vulnerabilities for medical software. A one year subscription for MedPack costs $4,000, and for that Gleg provides 25 exploits per year, most of which are zero-days, Gurkin wrote." - via Joseph Cox, writing at Motherboard (a Vice property)
Danny Palmer - of ZDNet - tells a tale of a new (and ostensibly - mysterious) worm, evidently targeting health care contraptions (reportedly X-Ray Photography Systems and MRI Scanners). There is some discussion attributing the attacks are performing reconnaissance...
Superb accounting of the built-to-fail systems in healthcare, and the predeliction of those same systems towards victimization by ransomware attacks. Via Robert N. Charette writing at the IEEE's Spectrum Magazine.
The National Institute of Standards and Technology (NIST) National Center for Cybersecurity Excellence (NCCOE) has released it's latest draft medical device related security document, entitled 'NIST Special Publication 1800-8 Cybersecurity Special Publication 1800-8 Securing Wireless Infusion Pumps - In Healthcare Delivery Organizations'. Authored by Gavin O'Brien, Sallie Edwards, Kevin Littlefield, Neil McNab, Sue Wang and Kangmin Zheng - the document is available as either a PDF or web-based artifact. Enjoy.
"Medical devices, such as infusion pumps, were once standalone instruments that interacted only with the patient or medical provider. With technological improvements designed to enhance patient care, these devices now connect wirelessly to a variety of systems, networks, and other tools within a healthcare delivery organization (HDO) – ultimately contributing to the Internet of Medical Things (IoMT)." - via the National Center for Cybersecurity Excellence (NCCOE)
In the Information Security racket, and find yourself banging your head against the wall too often? Displaying angry, curmudgeon-like characteristics? You - my friend - are in luck, as Mike Rothman President of Securosis holds forth in this entertaining [yet interestingly true] video for many security professionals.