NetSec
  corner   



HOME

LINUX

CYBERLAW

VIRTUALIZATION

Bugtraq

Packetstorm

FD

GrokLaw


RSS Feed


Netsec, comsec, infosec and IA news, research and trends

 

4.11.2018

 
Cloudflare is hosting DNS over TLS and HTTPS at 1.1.1.1 and 1.0.0.1

 
2018 Verizon Data Breach Investigations Report

 
This is an interesting article that relates to HIPAA and the safeguarding of PHI. I actually worked on solving this problem with my current employer a couple years ago and something missing from this article is, why is this happening?

It could be explained as a complex relationship web of conflicting goals between the business units (hospital departments), the network management folks and network security, while this is all true in most cases it is much simpler. The hospitals are (almost) required to network certain devices and medical devices have strict certification requirements (translation: is it expensive, for a device manufacturer, to get a device through certification, therefore, they don't want to change the device). In most devices, any change no matter how minuscule (like a security patch) requires a complete recertification of the device.

There is still no excuse to have any external exposure of medical IOT devices. This is really a network security gap and considering the continually increasing risk factors that unpatched systems are posing, the network teams must work harder to ensure the protection of patient PHI.

https://www.cyberscoop.com/trend-micro-challenges-in-securing-connected-hospitals/




4.09.2018

 
Stealing Credit Cards from FUZE via Bluetooth from Lee





This page is powered by Blogger.


Site Meter Locations of visitors to this page