Medical Cybersecurity 2021: how worried should we be, and what can we do?

NOTE - THIS MEETUP IS VIRTUAL AND WILL BE CONDUCTED ONLINE WITH EFF-AUSTIN'S ZOOM ACCOUNT. To join the meetup, RSVP to this event, and then click the link that you will be shown upon RSVPing. The meeting room passcode is 980511.

This event is presented in conjunction with the National CyberWatch Center. National CyberWatch Center is a consortium of higher education institutions, businesses, and government agencies focused on collaborative efforts to advance Information Security education and strengthen the national cybersecurity workforce. To learn more, click the following link: https://www.nationalcyberwatch.org/

Our speaker this month is Owen McNally. Owen is a researcher and technology analyst in Austin, Texas. He is the Chair of the EFF-Austin Cybersecurity workgroup, and the Founder of the Data Science vs COVID project. An enduring theme in his work over recent decades is the analysis and evaluation of technology for usability, quality and ethics based on humanistic principles. He joined a series of software development teams as a usability and quality assurance analyst, and subsequently earned an interdisciplinary PhD at the University of Texas at Austin, with a program of work in Medical Cognitive Science. He has taught college level software design, cognitive studies, psychology, research methods, and statistics for the behavioral sciences. In recent years his work has been in software usability, cybersecurity training, medical research, and analysis for investors in energy storage, AI, hospital technology, neurotechnology, and logistics.

After the news of the infamous Solarwinds hack in recent months, cybersecurity is back on people's minds. For hospitals and healthcare systems, this highly unwelcome news begs the question of whether there is a crisis. There is evidence that bad-actors ramped up their activity significantly against hospitals and healthcare entities after COVID, and if there was serious under-investment in cybersecurity prior to 2020, the problem has very likely intensified since the pandemic. I will present evidence that the background to this increasingly alarming situation can be better understood through three key aspects: (1) very high prices for exfiltrated personal health data on the dark web, (2) both cybersecurity professionals and their trainers are in short supply, with the most cash-strapped hospitals and healthcare systems losing out to better financed organizations, and (3) while technologies such as machine learning/AI, and blockchain may eventually give security professionals and citizens desiring secure and private health information the advantage, for now innovation, disruption and "sandboxing" seem on the side of the criminals. What can be done? Knowing what organizations have legal access to your health information is critical, healthcare system policies about investing in security are perhaps responsive to popular pressure, and good personal information security behavior can reduce some vulnerabilities.

Some may wish to hear a previous discussion about the technology integration and data protection challenges hospitals and doctors face with Owen on the Plutopia News Network with Scoop Sweeney and EFF-Austin's Jon Lebkowsky at https://www.youtube.com/watch?v=kPnjIUG8cq4

EFF-Austin is sustained via the contributions of supporters like you. Donate via the Paypal link on our website at the top of the main page: https://effaustin.org