Author Archives: thomaskcandon

Kotz appointed to GAO’s Health IT Policy Committee

Posted on by
Reply

The Comptroller General of the Government Accountability Office (GAO) announced the appointment of THaW PI David Kotz to the organization’s Health IT (HIT) Policy Committee. In his announcement, Gene Dodaro noted, “In developing policy for health information technology, it’s important to take into account expertise related to privacy and security and to health care research as well as the views of health care workers who are the users of HIT.”

The Comptroller General is responsible for appointing 13 of the 20 members of the HIT Policy Committee. David will fill the role of expert in privacy and security.

Read more in the full GAO press release and an article on HispanicBusiness.com

Hacking Medical Devices: Fact and Fiction (NY Times)

Posted on by
Reply

THaW PI Kevin Fu was quoted in an article published this weekend in the New York Times. Describing a scene from an episode of the Showtime Network’s series Homeland, the Times story questions how realistic it is that a person’s computerized defibrillator could be hacked. In a recent 60 Minutes episode, former Vice President Dick Cheney and his cardiologist thought the threat was credible enough to shut off the wireless programming functionality of his own defibrillator.

In the article, Kevin describes some of his research on the topic, including a 2008 paper that he co-authored warning of just such a scenario. According to Kevin “security was not on the radar yet for the medical device community…But there was a rapid trend toward wireless communication and Internet connectivity. We definitely raised awareness.”

Read the full New York Times article published on 10/27/13.

How Far Does Prevention Go When Securing Health Care Data?

Posted on by
Reply

Here we copy a post from THaW team member Eric Johnson, Dean of the Owen Graduate School of Management at Vanderbilt.  (Originally posted here.)

In most areas of health care the adage that “an ounce of prevention is worth a pound of cure” holds true. But for information security professionals in the field, the answer has not been so clear. Debate continues between two camps of researchers: one group maintains that it’s far more efficient to learn from the past and use that information to thwart future attacks; others advocate investing in preventive measures, saying that proactive organizations build a deeper understanding of both their own weaknesses and future threats. Continue reading