Monitoring of Medical Device Security to Be Scrutinized
A federal watchdog agency has updated its priorities for security-related reviews of Department of Health and Human Services’ agencies and programs this year. For example, it now plans to investigate whether monitoring of medical device security controls is adequate. Separately, it issued a review of the Washington state health insurance exchange, citing several security weaknesses, including in vulnerability scanning, that could potentially put sensitive data at risk.
… Keith Fricke, principal consultant at consulting firm tw-Security, says the security weaknesses OIG identified at the Washington health insurance exchange are common to many organizations, including healthcare providers.
“Small to medium-sized organizations often lack the staff to properly secure their websites and back-end databases,” he says. “SQL injection attacks have been around for a while, yet despite vendor improvements in database security features, SQL attacks are still prevalent. This is because many organizations still run older versions of web servers and databases, oftentimes without the necessary security patches.”
Vulnerability scanning is important, especially for internet-facing systems, Fricke adds. “It helps organizations identify exposed weaknesses that others may discover and exploit. Hackers often achieve unauthorized access to networks by performing the same vulnerability scans and then exploiting those vulnerabilities.”