Virta Blabs

bac.jpg

Not All Heroes Wear Suits: Finding Risks Before Attackers Do

Posted by Ben Ransford on May 16, 2017 6:35:00 AM

(This post is part 2 of 2.  Yesterday we wrote about the unfair fight between attackers and defenders.  Today: simple tools and techniques.)

 

If you WannaCry after this weekend's explosion of worm-ridden ransomware afflicting healthcare providers, go ahead; you're not alone.

The good news is that there are concrete steps you can take to assess your organization's level of exposure to WannaCry a

nd the vulnerability it exploits.  In this post, we'll share some free, basic tests you can perform using tried-and-true open-source tools.  We sell fancy tools to collect and assess networked clinical device inventory, but as technologists and IT administrators ourselves, we're always inclined toward whatever tools get the job done fastest.  In this post we'll cover a simple set of tests that you can start running in under a minute.

Read More

Topics: Ransomware, Asset Management, Clinical Cybersecurity

Safety first: cybersecurity of assets on clinical networks

Posted by Kevin Fu on Mar 4, 2017 3:39:54 PM

It's been an amazingly busy year for medical device security. In 2015, the average hospital had not heard of ransomware. (We warned of the hospital malware onslaught in 2012!) In 2016, the hospital C-suites began asking us, "Could that happen here??" after neighboring health systems were taken offline for days by malware. Duh, yes. The important question is how will you ensure that hospital operations continue to remain available to deliver patient care despite legacy capital equipment, cybersecurity risks, and the shifting threat landscape.

Read More

Topics: Healthcare Cybersecurity, Ransomware, Medical Device Security, Legacy Medical Devices, Asset Management, Enterprise Risk Management, Inventory Management, Clinical Security, CMMS

OCR on ransomware and why inventory matters

Posted by Kevin Fu on Jul 13, 2016 8:19:46 PM

This blog post is about the long awaited fact sheet from HHS Office of Civil Rights (OCR) on ransomware, and why you should take this one seriously in terms of having an accurate inventory of networked medical devices to reduce the probability of enjoying the pleasure of reporting a breach to OCR.

Read More

Topics: Healthcare Cybersecurity, Ransomware, Medical Device Security, Legacy Medical Devices, Asset Management, Enterprise Risk Management, Inventory Management, Clinical Security, CMMS