10 Oct

In other news - International debates re: medical data security

By TMG Webmaster TMG General News


Hey, IoT vendors. When a paediatric nurse tells you to fix security, you definitely screwed up
Jelena Milosevic says what we're all thinking
By John Leyden 5 Oct 2017 at 16:35

A children's nurse told delegates at the Virus Bulletin conference in Madrid on Thursday to get a grip on Internet of Things security.

Jelena Milosevic, who developed an interest in cybersecurity over the last three years, told attendees that the healthcare sector needs to work with infosec experts and manufacturers to sort out the emerging problem of the security risk posed by internet-connected medical kit.

For one thing there is no medical need for such devices to be connected to the net 24/7, she said.

More fundamentally, government regulation is needed to mandate baseline security standards. Milosevic advocated coordinated vulnerability disclosure, a process that would mean security researchers would work with manufacturers to fix issues before going public. IoT vendors have a reputation for being slow to both acknowledge and remediate security problems.

"You can't just buy security, you have to build it," she said.

Milosevic's thinking on this parallels that of infosec luminaries such as Bruce Schneier.

Security and privacy issues have become increasingly important for hospitals. Ageing systems host troves of personal, medical and financial information that the unscrupulous might easily be able to monetise.

Privacy and the protection of computer records is sometimes put on the back-burner, and caring for the devices used in hospitals is an afterthought, meaning computers and other devices are seldom patched and frequently exposed to vulnerabilities, Milosevic argued. Criminal behaviour can go unnoticed for long periods and – without proper security controls – patient records might be manipulated. Security needs to be built from the ground up and supplemented with awareness programmes. Milosevic argued that hospitals need processes and procedures for infosec in much the same way that they need protocols for patient treatment.

Ransomware attacks against hospitals have featured prominently in national news stories on both sides of the Atlantic with the devastating effects on the operations of many NHS trusts as a result of WannaCry just the most high-profile example. There's no confirmed loss of life from WannaCry, Milosevic said, but added that the "biggest problems are those we don't yet know about".

Milosevic has worked for various hospitals in the Netherlands since 1995 and before that spent 10 years on the intensive care unit at the University Children's Hospital in Belgrade.

For the last three years Milosevic has been a member of the I Am The Cavalry and Women in Cyber security organisations. ®

Share this post

Author

TMG Webmaster

TMG is proud to be a values based company. We work hard to uphold our values not only among ourselves as team members but with our clients, third parties, and the wider public. Our unique set of values were chosen with deliberation, and reflect who we are and where we are coming from.

Centralisation

Build capabilities to provide high quality centralized support services for primary care providers throughout New Zealand.

Local Markets

Build capabilities or partner in local markets to ensure we are close to our customers, really understanding their businesses and being there to help when needed.

Emerging Technologies

Stay abreast of emerging technologies to ensure we have the best tools and processes available to help our customers deliver the best possible care for their communities.

Our Purpose

To be the leader in primary health business support. Through the provision of advanced, technology based, business services and support we enable primary healthcare providers to deliver higher quality care more cost effectively for their patients.