
Latest Read: When Gadgets Betray Us

Robert Vamosi wrote When Gadgets Betray Us: The Dark Side of Our Infatuation With New Technologies in 2013. Today, in the age of COVID-19, this book remains very relevant. Upon the book's release, Robert spoke at Microsoft Research.


When Gadgets Betray Us is really about the internet of things (IoT) and the explosion of cheap gadgets.

This is a twofold problem: the human impulse to jump right into new, innovative, ‘shiny’ devices, and the fact that we more often skip reading the manual. Who reads manuals anyway these days?

However, the ability of a nation state to remotely hack building controls and manipulate industrial machines seemed like stuff from a Hollywood movie, even back in 2013.

Clearly Vamosi could not have considered the impact of Stuxnet, the attack by Israel and the US NSA to destroy centrifuges in an underground facility in Iran. My review of Countdown to Zero Day will surprise many readers.

This is a good starting point for many readers. Generally, When Gadgets Betray Us reveals how our devices (phones, cars, smart watches, home thermostats and even baby monitors) leaked location data. Worse, baby monitors permitted hackers to hijack the video feeds meant for remote grandparents, family and friends.


Pediatric Medical Devices

The Global Medical Device Podcast Episode 115, Challenges with Pediatric Medical Devices, is an honest discussion addressing medical devices for children and pediatric hospitals set inside the marketplace.

It was refreshing to hear this episode's calls for medical devices designed specifically for children. The voices of experience shared that longstanding vendors cannot simply ‘retrofit’ a device for young kids.

As mentioned, there is quite a difference in treating small children with devices designed for adults. Mike Drues of Vascular Sciences and Jon Speer discuss the lack of availability of such medical devices and prescription drugs, specifically with children in mind.

Simply manufacturing a “smaller version” of adult medical devices and drugs for pediatric populations may not be the best solution. Lack of availability is simply due to a lack of market.


Philips ISCV and Xcelera flaws

Philips has yet to patch a flaw that allows cybercriminals to inject ransomware or backdoors, which can put PHI at risk of compromise.

In Philips ISCV version 2.x and earlier and Xcelera 4.x and 3.x, the servers contain 20 Windows services whose executables are present in a folder where authenticated users have write permissions. The services run as a local admin account or local system account, and if a user were to replace one of the executables with a different program, that program too would be executed with local admin or local system permissions.

Philips confirms these vulnerabilities affect their IntelliSpace Cardiovascular system version 2.3.1, 3.1 and earlier. Also impacted are version 4.x and 3.x Xcelera systems (PDF). In ISCV version 3.x and earlier and Xcelera 4.x and 3.x there are 16 Windows services with flaws that allow hackers to run the computer with local admin rights.
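To check a Windows server for the condition described above (service executables sitting where broad user groups can write), the following audit is an added example, not code from Philips or ICS-CERT. The list of groups and the choice of write bits are assumptions made here; the output is a list for review, not a verdict.

```powershell
# Added example (not vendor code): list services whose executable, or the
# folder holding it, is writable by a broad group. Run elevated on the server.
$broadSids = 'S-1-5-11', 'S-1-5-32-545', 'S-1-1-0'   # Authenticated Users, Users, Everyone
$rights    = [System.Security.AccessControl.FileSystemRights]
# WriteData/AppendData on a file; the same bits mean create file/folder on a directory.
$writeBits = [int]($rights::WriteData -bor $rights::AppendData)

function Test-BroadWrite {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $acl) { return $false }                  # missing path or no read access
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $writeBits) -eq 0) { continue }
        try {
            # Compare by SID so localized group names do not matter.
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }                          # unresolvable account, skip
        if ($broadSids -contains $sid) { return $true }
    }
    return $false
}

Get-CimInstance Win32_Service | ForEach-Object {
    $svc = $_
    # PathName may be quoted and may carry arguments; keep only the .exe path.
    if ($svc.PathName -match '^\s*"([^"]+)"' -or $svc.PathName -match '^\s*(.+?\.exe)') {
        $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
        $dir = Split-Path -Parent $exe
        $hit = @($exe, $dir) | Where-Object { $_ -and (Test-BroadWrite $_) }
        if ($hit) {
            [pscustomobject]@{
                Service  = $svc.Name
                RunsAs   = $svc.StartName    # LocalSystem or an admin account is the risky case
                Writable = $hit -join '; '
            }
        }
    }
}
```

Any row where `RunsAs` is LocalSystem or a local administrator matches the situation in the advisory; tightening the folder ACL so only administrators and SYSTEM can write closes it until the vendor patch is applied.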


Philips medical device cyber attack

On August 14th, the US Department of Homeland Security’s Industrial Control Systems Emergency Response Team (ICS-CERT) issued two alerts for Philips medical devices: PageWriter and IntelliSpace.

Philips announced plans to patch IntelliSpace by October, roughly 45 days from the DHS announcement.

PageWriter will not be patched until “mid-2019” despite the easier, “low level” threat.

A ten-month delay provides more ammunition to cyber criminals to aggressively attack healthcare. Announcing an eight to ten month delay in patching adds confusion into the medical device marketplace. The cybersecurity community stresses to clinics, hospitals and health systems that monthly patching is the best way to protect assets from cyber attack. Many medical devices in production at the bedside today remain connected to Windows XP PCs.


Healthcare’s 2018 threat is crypto mining

Crypto mining attacks are stealthier than WannaCry.

Cybercriminals continue to drive crypto mining attacks on hospital computers. Some crypto mining attacks will require hospitals to report a breach of PHI. If the crypto installed is the popular WannaMine, this is considered a reportable ransomware attack.

Last year ransomware took the American healthcare industry by storm. Botnets and crypto mining have experienced continued growth since 2016. The WannaCry attack on the British health system and NotPetya simply pushed them off the front pages. They did not disappear. Make no mistake, crypto mining is the new attack vector in 2018 after strong growth over the previous two years.

Tennessee hospital EMR server hit with crypto mining

On January 26th, 2018, Decatur County General Hospital in Parsons, Tennessee announced (PDF) that over 20,000 PHI records were compromised by crypto mining software discovered on the hospital’s main electronic medical records server.