4/1/2016

Hospital Cyber-Attack Highlights Health Care Vulnerabilities   A cyber-attack that paralyzed the hospital chain MedStar this week is serving as a fresh reminder of vulnerabilities that exist in systems that protect sensitive patient information.  That attack came a month after a Los Angeles hospital paid hackers $17,000 (roughly Rs. 11,25,000) to regain control of its computer system and more than a year after intruders broke into a database containing the records of nearly 80 million people maintained by the health insurer Anthem.  In Anthem’s case, only a single password stood between hackers with a stolen employee ID and a chance to plunder the Blue Cross-Blue Shield carrier’s database, according to a federal lawsuit filed by customers over the breach.   http://gadgets.ndtv.com/internet/features/hospital-cyber-attack-highlights-health-care-vulnerabilities-820208

DHS Cyber Resilience Review    The Cyber Security Evaluation program, within the Department of Homeland Security’s (DHS) Office of Cybersecurity & Communications, conducts a no-cost, voluntary, non-technical assessment to evaluate operational resilience and cybersecurity capabilities within Critical Infrastructure and Key Resources sectors, as well as State, Local, Tribal, and Territorial governments through its Cyber Resilience Review (CRR) process.  The goal of the CRR is to develop an understanding of an organization’s operational resilience and ability to manage cyber risk to its critical services during normal operations and times of operational stress and crisis. The CRR is based on the CERT Resilience Management Model ( http://www.cert.org/resilience/rmm.html ), a process improvement model developed by Carnegie Mellon University’s Software Engineering Institute for managing operational resilience.   https://www.us-cert.gov/sites/default/files/c3vp/crr-fact-sheet.pdf   Hospitals interested in scheduling a Cyber Resilience Review should contact Billy Sasser, DHS Protective Security Advisor, (850) 942-8335.