THaW leader Kevin Fu was recently named a fellow by the Institute of Electrical and Electronics Engineers (IEEE) for his contributions to embedded and medical device security. The honor comes as part of the 2018 class, and is “a distinction reserved for select IEEE members whose extraordinary accomplishments in any of the IEEE fields of interest are deemed fitting of this prestigious grade elevation”. To read more about Kevin’s award and accomplishments, click through below.
Professor Avi Rubin was recently invited to speak at Enigma, a new security conference launched by the USENIX Association and geared towards those working in both industry and research.
According to Professor Rubin, health care information security is in crisis. In this presentation, Professor Rubin emphasizes the numerous vulnerabilities of our health care system. These vulnerabilities range from overt circumventing of security protocols to blissful ignorance of network security concerns.
Professor Rubin goes on to identify what makes cybersecurity in health care different from other fields, such as financial services. Finally, Professor Rubin offers a ‘Top Ten’ list of actions the health care community can take right now to improve the cybersecurity of health care.
Watch Rubin’s talk on YouTube.
“It’s fascinating, what’s happening, and very exciting,” – Avi Rubin
At the 2016 Consumer Electronics Show (CES) last week, Under Armour announced a suite of products and services relevant to THaW research topics. Journalists sought out THaW researcher (and PI at Johns Hopkins) Avi Rubin for comment.
First the athletic wear maker unveiled its first-ever collection of fitness devices, a suite of products dubbed UA HealthBox that included a wristband, a heart-rate monitor and a Wi-Fi-enabled scale — plus a separate “smart shoe” and Bluetooth headphones. It also upgraded the UA Record application that powers those devices. … “It’s fascinating, what’s happening, and very exciting,” said Avi Rubin, a Johns Hopkins computer science professor…. (Lorraine Mirabella, Baltimore Sun, January 9, 2016 [http://www.baltimoresun.com/business/under-armour-blog/bs-bz-under-armour-ibm-watson-20160109-story.html])
This is the first of many such announcements we anticipate throughout 2016. The challenge facing the THaW community is how to ensure that privacy is protected and the collected data is secure.
Professor Avi Rubin (Johns Hopkins University) decries the lack of cybersecurity awareness and activity in the healthcare IT sector. “Of all the industries I’ve seen, healthcare seems to be the most behind in terms of securing their IT.” To read the rest of Professor Rubin’s interview, click here.
“PhDs Benjamin Ransford and Denis Foo Kune developed the platform which uses the ‘traditionally undesirable’ power consumption side channel to detect malware with the accuracy of desktop anti-virus at run-time without the need to modify the hardware or software of systems.”
— Darren Pauli, 27 April 2015, The Register
To read more about Kune’s WattsUpDoc platform click here.
Professor Kevin Fu recently participated in a panel entitled “Will Health Tech Ever Be Hack Proof?” at the New America symposium on Our Data, Our Health: The Future of Mobile Health Technology (26 March 2015). Joining Kevin to explore the personal, economic and regulatory implications of securing health-related technology were Lucia Savage, Chief Privacy Officer, National Coordinator for Health IT; Alvaro Bedoya, Executive Director, Center on Privacy and Technology, Georgetown; and the panel’s moderator, Peter Singer, Strategist and Senior Fellow, New America. The video of this panel discussion can be found here.
A summary of the panel discussion described above can be found in this issue of CIO. [CIO]
Training for Information Security – A.J. Burns and M. Eric Johnson, Vanderbilt University
In today’s digital economy, the uses and users of organizational information are growing rapidly. Perhaps in no industry is this more evident than in the health sector. As the chain of custody of personal health information becomes increasingly complex, many organizations are seeking new ways to train employees to increase health data stewardship. The most common channel for organizational influence over employees’ security-related behaviors is the firm’s security education, training and awareness (SETA) initiatives, yet relatively little research has investigated theoretical approaches to understanding SETA’s motivational effectiveness.
Recent research presented at the Hawaii International Conference on System Sciences (HICSS 2015) provides a diagnostic approach to SETA’s influence on employee motivation through the lens of expectancy theory (also known as VIE Theory). The findings show that when it comes to motivating security behaviors, proactive and omissive behaviors are influenced by distinct expectancy dimensions. Interestingly, expectancies (i.e., the perception that one’s effort will lead to behavior) and instrumentalities (i.e., the perception that one’s behavior will lead to a desired outcome) were positively related to information security precaution taking, while security valence (i.e., the perception that it is good to protect one’s firm from security threats) was negatively related to the withdrawal from information security-enhancing behaviors (or security psychological distancing). These results provide a framework for future study and should help organizations dealing with sensitive information develop SETA initiatives by targeting the distinct expectancy dimensions.
See the full paper at http://conferences.computer.org/hicss/2015/papers/7367d930.pdf
Dr. Avi Rubin will be the opening keynote speaker at the upcoming AMIA (American Medical Informatics Association) Annual Symposium, to be held on November 14, 2015 in San Francisco, CA. Dr. Rubin will focus his remarks on the vulnerability of medical devices and electronic health record systems. For more information about the upcoming AMIA symposium, click here.
When KQED radio needed input on the breaking news about the Anthem hacking incident, they reached out to THaW. David Kotz, PI, is quoted in this brief story on KQED: Hackers Target Anthem, Scrape Personal Data; the tagline is “California’s largest private insurer, Anthem, said on Wednesday it has been hacked. The insurer said hackers broke into databases that stored customers’ personal information such as birthdays, social security numbers and employment information.”
As previously referenced in the official blog of the Ann Arbor Research Center for Medical Device Security, the NIST Information Security and Privacy Advisory Board (ISPAB) held a public panel on October 24, 2014 entitled “Updates on Embedded Device Cybersecurity: Medical Devices to Automobiles.”
Professor Kevin Fu has provided an audio recording of this meeting, which can be found here: http://blog.secure-medicine.org/2014/10/fda-visits-nist-federal-advisory.html