THaW researcher Kevin Fu, along with colleagues Chen Yan and Wenyuan Xu, recently released a technical report on a mysterious ailment at the United States embassy in Cuba. After exploring a wide variety of options, the trio concluded that the ailment may in fact have inadvertently been caused by interfering ultrasonic waves in the environment. Click through below to see some press coverage their discoveries have received, in addition to the full technical report.
As part of THaW’s efforts towards community outreach and education, we have developed a curriculum based on the FitBit technology platform. This curriculum has been successfully deployed in two pilot groups let by THaW associates over the past two years.
Now, THaW researcher Joseph Carrigan, along with PI’s David Kotz and Avi Rubin, has formalized the curriculum into a technical report to allow others to use our implementation. Said Carrigan, “We developed an outreach activity that is engaging, informative, and repeatable. We are interested to see how it will be used at other locations.” To peruse the technical report and access the curriculum guidelines, please click below.
THaW member Eric Johnson (along with co-author Sung Choi) recently published at the 14th Workshop on The Economics of Information Security. In the paper, the two explore the ramifications of hospital data breaches, and if these breaches have an effect on quality of care. To learn more, click through to the paper below.
THaW researcher Kevin Fu recently joined his colleague Harold Thimbleby to discuss the challenges and obstacles created by ransomware. Read their comprehensive assessment of the problem, as well as possible solutions, at the link below.
THaW contributor Eric Johnson’s conversations from the CISO conference continued with VP and CISO of Kindred Healthcare, Charles Lebo. The two had a conversation to discuss some of the emerging challenges of healthcare security. The topics ranged from the scope of large healthcare datasets, to the emergence of ransomware and maintaining data security.
Click here, or play the embedded video above, to hear the discussion in full.
THaW researchers A.J. Burns, Eric Johnson and Peter Honeyman, have compiled a compelling chronology of medical device security in their recently published article in Communications of the ACM, “A Brief Chronology of Medical Device Security” (see the THaW blog’s publication page for complete reference information and a link to the article).
The authors identify three key points relating to medical devices:
- Frightening language and misinformation often characterize discussions of cybersecurity and medical devices.
- There are always security trade-offs when designing, deploying, and maintaining medical devices.
- Medical devices are often not that different than other network-enabled digital devices, in terms of their vulnerability to network-based cyberattack.
The authors further identify four major periods that span the evolution of medical devices:
- Complex systems and accidental disasters
- Implantable medical devices
- The threat of unauthorized access
- Cyber threats to medical device security
The article offers a comprehensive examination of the legislative timeline and the evolving threats to information security in healthcare. They argue that “the steps we take today will largely define the future of medical device security,” and while there is a temptation to publicly wring our hands in despair over medical-device insecurity, “we must resist the temptation to sensationalize the issues…and instead apply sober, rational, systematic approaches to understanding and mitigating security risks.”
The authors conclude by challenging the medical-device community to better secure these devices:
“…it is safe to say that patients’ reluctance to accept medically indicated devices due to concerns about security poses a greater threat to their health than any threat stemming from medical device security…it is incumbent on our field to continue to prioritize the security of medical devices as a part of our fiduciary responsibility to act in the interests of those who rely on these life-saving devices.”
For complete reference information and a link to the article, please visit the THaW publication page.
“For decades, there’s been an unofficial truce between cybersecurity researchers and companies: When good guy hackers find a problem, they give companies a chance to fix it before going public.
But a cybersecurity firm called MedSec just upended that truce.”
“While medical device manufacturers must improve the security of their products, claiming the sky is falling is counterproductive.” – ThaW researcher, Kevin Fu
MedSec, a medical security firm, has formed an unusual partnership with investment firm Muddy Waters to generate revenue based on MedSec infosec research. When MedSec recently found alleged faults in St. Jude’s implantable heart equipment, it alerted Muddy Waters rather than St. Jude’s as tradition normally dictates. Muddy Waters promptly issued a research report highlighting the alleged faults and shorted St. Jude’s stock, giving MedSec a portion of the proceeds from the short sale.
However, ThaW researcher, Kevin Fu, and University of Michigan colleagues attempted to replicate the MedSec research and determined that MedSec’s findings were “inconclusive”. For more information on the Michigan investigtion see –
This saga is far from complete, as Fu’s team continues to look into the MedSec findings.
For more information:
While mHealth has the potential to increase healthcare quality, expand access to services, reduce costs, and improve personal wellness and public health, such benefits may not be fully realized unless greater privacy and security measures are implemented, according to a new paper published in the June issue of Computer.
Professors David Kotz (Dartmouth), Carl A. Gunter (University of Illinois), Santosh Kumar (University of Memphis), and Jonathan P. Weiner (Johns Hopkins), in their paper (Privacy and Security in Mobile Health: A Research Agenda) challenge the research community to tackle several critical challenges related to security and privacy in mHealth: data sharing and consent management; access control and authentication; confidentiality and anonymity; mHealth smartphone apps; policies and compliance; accuracy and data provenance; and security technology.
With 45 percent of Americans facing chronic disease, which accounts for 75 percent of the annual $2.6+ trillion spent on healthcare, and many developed countries facing aging populations, mobile technology can serve as a great resource to help address these problems – provided mHealth companies and other stakeholders are able to meet the privacy and security challenges associated with these technologies.
For additional information contact Professor David Kotz, the Champion International Professor in the Department of Computer Science at Dartmouth College.
The article can be found in the June issue of Computer.