Connected medical devices are transforming healthcare. Unfortunately, security is too often an afterthought for the clinical engineering and business technology (BT) management teams implementing these revolutionary new technologies. In a recent report, Forrester predicted that 2016 will be the year we see ransomware for a medical device or wearable. This is a delicate thought, considering: 1) the Healthcare Industry is actually behind on data security compared to other industries and 2) the FBI highlighted the risk posed to medical devices in their recent public service announcement: Internet Of Things Poses Opportunities For Cyber Crime.
This research initiative seeks to answer the following: Are there real threats posed by the emergence of connected medical devices? What can you do to protect your patients and employees from life threatening breaches? Is there an underground market for medical device exploits? This research will publish in early 2016 and will be featured in my talk at the RSA Conference this March.
We are looking for research interview candidates to support this initiative, specifically security professionals working in a healthcare setting or medical device security vendors with current solutions on the market. In exchange for your time, we will provide you with a complimentary copy of the final research. While anyone who participates will have the opportunity to be listed as an interviewee in the final report, all interviews will be treated as confidential unless expressly instructed otherwise.
Businesses are moving toward personalization, which means they’ll increasingly collect personal data to get a better idea of what their customers want and need. In the age of the customer, defined by Forrester as a 20-year business cycle when successful enterprises will reinvent themselves as digital businesses in order to serve their increasingly powerful customers, protecting customer data is a critical aspect of fostering trust and building long-lasting relationships.
Regardless of location, all countries should have this goal in mind, but privacy regulations vary from country to country and often conflict with each other. For global organizations, navigating these laws can be daunting. To help businesses tackle this challenge, Forrester published its 2015 Data Privacy Heat Map. Originally created in 2010, the tool leverages in-depth analyses of the data privacy-related laws and cultures of 54 countries around the world, helping security leaders and decision-makers better design their own approaches to privacy and data protection.
By all accounts, we’re approaching a new order of integration between technology and medicine. Real-time medical diagnostic data obtained from our mobile phones will soon be integrated directly into our electronic medical records where clinicians can use the data to make more-accurate (and potentially dynamic) treatment plans. Hospital staff can communicate and react to changing patient conditions faster and with less disruption to the patient experience than ever before, thanks to increasingly integrated mobile messaging systems and other mobile applications (for both the patients and clinical staff).
Applying big data analytics to PHI promises to improve patient outcomes and lead to more efficient —and less costly — patient care. It’s hard not to feel a level of excitement as this convergence of healthcare, mobile technology, and big data progresses at an accelerated rate. However, with all of this new patient data being collected by insurance payers, medical providers, and third-party services, healthcare employee endpoints have become an especially vulnerable source of data loss.
■Healthcare records are five times as likely to be lost due to device theft/loss.¹ If you’re a CISO at a healthcare organization, endpoint data security must be a top priority in order to close this faucet of sensitive data. Consequences will increasingly be more than just a mere slap on the wrist with fines, as consumers fight back.
Corporations spend a lot of time and money to ensure their employee- and customer-facing technologies are compliant with all local and regional data privacy laws. However, this task is made challenging by the patchwork of data privacy legislation around the world, with countries ranging from holding no restrictions on the use of personal data to countries with highly restrictive frameworks. To help our clients address these challenges, Forrester developed a research and planning tool called the Data Privacy Heat Map (try the demo version here). Originally published in 2010, the tool leverages in-depth analyses of the privacy-related laws and cultures of 54 countries around the world, helping our clients better strategize their own global privacy and data protection approaches.
The most recent update to the tool, which published today, highlights two opposing trends affecting data privacy over the past 12 months:
Increased government surveillance continues to impede the free flow of information. Corporations worry that storing or processing data within the borders of a country with high levels of governmental surveillance could place their intellectual property at risk. Notable additions to the tool's growing list of countries with lowered barriers to government surveillance include the US, Germany, and the UK.
Does your organization have a significant number of endpoints still running Windows XP? Don’t worry, you’re not alone: Forrester's Forrsights Hardware Survey, Q3 2013 shows that the average organization still has 20% of their employee endpoints running XP. Considering that most organizations spend 18 to 32 months when migrating to newer versions of Windows, many organizations will likely find themselves scrambling to batten down the hatches before Microsoft’s April 8, 2014 end-of-life deadline.
After this date, Microsoft will stop releasing security patches for the 13-year-old operating system, a terrifying situation for organizations still relying on XP. What can you do as an organization if you still have a substantial XP presence within your environment? You can:
Migrate to Windows 7 or 8 posthaste. Microsoft has come a long way in preventing certain classes of attacks, such as bootkit and rootkit attacks. In fact, Microsoft has told us that Windows XP is 21 times more likely to get infected with malware than Windows 8.1. To help our clients understand the pros and cons of Windows 8.1 security, I recently published a guide on this very topic.
Buy some extra time. For those that can afford it, Microsoft will offer “custom support” in the form of XP security patches past the April 8 deadline. I’ve spoken with a number of organizations that determined that it would be cheaper to pay this premium than to migrate away from XP. Of course, this is just prolonging the inevitable; custom support will not be available forever.
As data flows between countries with disparate data protection laws, firms need to ensure the safety of their customer and employee data through regulatory compliance and due diligence. However, multinational organizations often find global data privacy laws exceedingly challenging. To help our clients address these challenges, Forrester developed a research and planning tool called the Data Privacy Heat Map (try the demo version here). Originally published in 2010, the tool leverages in-depth analyses of the privacy-related laws and cultures of 54 countries around the world, helping our clients better strategize their own global privacy and data protection approaches.
Regulation in the data privacy arena is far from static. In the year since we last updated the heat map, we have seen many changes to how countries around the world view and enforce data privacy. Forrester has tracked and rated each of these 54 countries across seven different metrics directly within the tool. Among them, seven countries had their ratings change over the past year. Some of the most significant changes corporations are concerned with involve:
New national omnibus data privacy laws spanning private and/or public industry. Data privacy regulation, when looked at globally, forms a spectrum of maturity beginning with spotty industry or situation-specific laws all the way to omnibus frameworks. As you might expect, responsible corporations prefer to engage in business practices where the data privacy laws are clearly-defined and transparent. For instance, countries such as Brazil and China are in the process of moving towards potential omnibus laws which will replace a multitude of sectoral and situation-based laws. Other countries, such as Colombia and Singapore, have recently passed far-reaching omnibus laws, also replacing a patchwork of prior sectoral laws.