Some cybersecurity experts are asking whether a new type of federal oversight is needed to prevent an increase in HIPAA breaches due to hacking. In 2020, Google and Apple announced a joint effort to enable the use of Bluetooth technology to help government and health agencies reduce the spread of COVID-19, with “the privacy and security of users at the heart of the design,” according to Google. However, the company’s COVID-19 contact tracing app reportedly has serious security flaws, and individuals who use the app are suing Google for infringing their privacy.
Google and Apple launched the exposure notification system (ENS) to help fight the coronavirus epidemic. The system uses Bluetooth to warn nearby individuals about potential exposure to COVID-19. It was announced on April 10, 2020, and launched on May 20, 2020. On Android, it is added to the device through a Google Play services update. ENS is used in more than half of the states and has millions of users.
Individuals using the California public health COVID-19 contact tracing app have brought proceedings against Google, claiming that the app exposes data and violates privacy laws. According to Maya Levine, a technical marketing engineer for cloud security at Check Point Software, the real cost to these companies is not only a loss of money and public confidence, but also mounting evidence in favor of regulatory change.
Because so many devices support Bluetooth, businesses and individuals need to be aware that a vulnerability called “BlueBorne” can compromise Bluetooth functionality, Levine said. It is widely and falsely believed that Bluetooth cannot be intercepted and that hacking always requires some user interaction. “The BlueBorne vulnerability proved that both assumptions were wrong, as simply turning on the device’s Bluetooth makes it vulnerable to attack,” Levine said.
Most people leave Bluetooth on all the time, but users should move toward enabling Bluetooth on their devices only when they need it. However, this is not as easy as it sounds and is unlikely to be widely adopted. “For example, many headphones these days are Bluetooth enabled. In high-risk areas such as airports and public transport, who doesn’t listen to music at all? The important thing here is about the risks to both individuals and businesses. I think it’s about educating and making informed decisions,” says Levine.
She said European countries have changed the law to hold tech companies accountable for user data and impose heavy fines on irresponsible practices. “These tech companies have long been operating in a largely unregulated state,” says Levine. “I think this free domination is coming to an end soon. Hopefully more regulation and more attention to the industry will help these companies increase their investment in security.”
Possible vulnerabilities and attack scenarios should be scrutinized and tested before new features are released. But she said it is impossible to provide 100% protection against all types of attacks. Many studies have shown how expensive cybersecurity incidents can be for an organization. The emphasis is usually on monetary costs, but another problem is that such incidents seriously undermine public confidence.
“There is a general perception that if an organization fails to properly protect sensitive user data, other management processes within the organization can be flawed or corrupted,” said Dr. Benjamin, an assistant professor in the Faculty of Information Systems at the W. P. Carey School of Business at Arizona State University in Tempe, Arizona.
Conducting internal security audits
Physicians can protect their own privacy and that of their patients by conducting internal security audits. This includes investigating the internal technology ecosystem and networks within the organization, and cross-referencing them against vulnerability databases to check for potential security flaws. “Organizations need to work with suppliers to maintain cybersecurity consistency,” said Dr. Benjamin. “Many of the recent attacks on organizations actually come from within the supply chain.”
A compromised vendor was the cause of the 2013 Target data breach and the 2020 SolarWinds hack. Organizations need to consider partnering with a so-called red team, Dr. Benjamin said. “The red team is usually a professional cybersecurity consultant familiar with network penetration,” said Dr. Benjamin. These individuals are hired to attempt to exploit potential security vulnerabilities in an organization’s systems, which provides a realistic simulation of a cyber attack.
He said all organizations need to implement some degree of cyber risk mitigation, including technical safeguards and processes to ensure proper cybersecurity regimes. The level of cybersecurity readiness that an organization needs to deploy is usually related to the value of the data that needs to be protected. In the medical setting, the data in question is patient information, which is valuable and sensitive. Risk mitigation often begins with a consideration of the technologies, software, devices, and network equipment that organizations use to operate their IT infrastructure. “Bluetooth-enabled devices need to fall into this portfolio of technologies that are investigated and monitored,” said Dr. Benjamin. “But what makes Bluetooth vulnerable to attack is the very useful property of allowing different devices to communicate wirelessly.”
For doctors, the rate of technological progress is increasing rapidly. Assessing what new technologies can be used safely and efficiently requires consistent effort over time, but it also reduces the risk of misuse. “If you really want to adopt the latest technology in a particular area of interest, you can’t avoid being a lifelong learner,” says Dr. Benjamin. “You need to be aware of your practical needs, what new features new technologies offer, and what risks they pose.”
Among cybersecurity professionals, it is highly recommended that clinicians work with external consultants who have a better understanding of the technology field to recommend the technology used in the healthcare environment. “At least in that case, the responsibility could be placed on the consulting organization rather than the doctor,” said Dr. Benjamin.
Bluetooth is convenient, ubiquitous and an invitation to hackers