Category: Data leakage

  • The golden rules of HIPAA compliance for your clinical trials

    As Flask Data customers progress through their clinical trial journey to FDA clearance and post-marketing, we are frequently asked on how to achieve HIPAA compliance in an era of digital health apps, medical IoT and collection of RWD (real-world data) from patients. I will try and help you make sense out of HIPAA and the HITECH […]

  • A word to Teva on firing employees and assuring data security

    To be able to do something before it exists, sense before it becomes active, and see before it sprouts. The Book of Balance and Harmony (Chung-ho chi). A medieval Taoist book In early December 2017, the Israeli pharmaceutical generics company Teva announced it would lay off about 1,700 of its employees in Israel, who make up […]

  • WannaCrypt attacks

    For your IMMEDIATE notice: If you run medical device Windows management consoles, run Windows Update and update your machine NOW. This is my professional advice considering the new ransomware worm out there attacking machines MS17-010 has been out more than a month, but we have to assume that that the majority of Windows-based medical devices […]

  • What is more important – patient safety or hospital IT?

    What is more important – patient safety or the health of the enterprise hospital Windows network?  What is more important – writing secure code or installing an anti-virus? A threat analysis was performed on a medical device used in intensive care units.  The threat analysis used the PTA (Practical threat analysis) methodology. Our analysis considered […]

  • Why HIPAA Policies and Procedures are not copy and paste

    Compliance from Dr. Google is a very bad idea. Searching for HIPAA Security Rule compliance yields about 1.8Million hits on Google. Some of  the information is outdated and does not relate to the Final Rule and a good deal of other information is sponsored by service providers and technology companies selling silver bullets for HIPAA compliance. The […]

  • Why the Clinton data leaks matter

    In the middle of a US Presidential election that will certainly become more contrast-focused (as politically correct Americans like to call mud-slinging), the Clinton data leaks are interesting and also worth investigation for their longer-term impact on the US economy, Shaky ethics versus data protection A friend who is a political science professor told me that […]

  • Why audit and risk management do not mitigate risk – part II

    In my previous post Risk does not walk alone – I noted both the importance and often ignored lack of relevance of internal audit and corporate risk management to the business of cyber security. Audit and risk management are central to the financial services industry Just because audit and risk management are central to the financial […]

  • 3 things a medical device vendor must do for security incident response

    You are VP R&D or CEO or regulatory and compliance officer at a medical device company. Your medical devices measure something (blood sugar, urine analysis, facial anomalies, you name it…). The medical device interfaces to a mobile app that provides a User Interface and transfers patient data to a cloud application using RESTful services over HTTPS. Sound familiar? […]

  • Why your security is worse than you think

    Courtesy of firstpost.com

    Thoughts for Yom Kippur – the Jewish day of atonement – coming up next Wed. Security on modern operating systems (Windows, OS/X, iOS, Android, Linux) is getting better all the time – but  Android using SELinux and MAC (mandatory access control) doesn’t make for catchy, social-media-sticky news items. A client (a good one) once told […]

  • On Shoshin and Software Security

    I am an independent software security consultant specializing in medical device security and HIPAA compliance in Israel.   I use the state-of-the art PTA – Practical Threat Analysis tool to perform quantitative threat analysis and produce  a bespoke, cost-effective security portfolio for my customers that fits their medical device technology. There are over 700 medical device companies […]

1 2 3 19
Next Page