Welcome to HIMSS

This site uses technologies such as cookies to provide a better user experience by personalising content and ads, analysing web traffic and trends, and improving site operations. We may share information about your use of the site with third parties in accordance with our Privacy Policy. By continuing to use this site you agree that we can save cookies on your device, unless you have disabled them. You can change your cookie settings at any time by visiting our Cookie Policy, but parts of our site may not function correctly without them.

Privacy & Security

Security issues keep cropping up: Cisco vulnerability joins Samsam, Spectre and Meltdown in new roster

Don’t forget about the GDPR, as in the General Data Protection Regulation coming soon in Europe, warns the new HIMSS Healthcare and Cross-sector Cybersecurity report.
By Tom Sullivan
February 01, 2018
11:33 AM

Anyone thinking that the turn of a new year would inhibit the constant stream of security vulnerabilities can be forgiven such optimism. But reality set in just days after the New Year in the form of Samsam, Spectre and Meltdown, and the perhaps lesser-known new cyber flaws in products from Cisco and Smiths Medical.

Let’s start with Cisco. The networking giant warned of holes that enable perpetrators to remotely launch a denial of service attack via its Cisco Adaptive Security Appliance.

“A successful attack may allow the attacker to execute arbitrary code and obtain full control of the affected device,” according to Lee Kim, HIMSS Director of Privacy and Security, who authored the just-published January edition of the Healthcare and Cross-Sector Cybersecurity Report.

Cisco released software patches to solve the problem. Likewise Smiths Medical, which updated its firmware to fix security flaws in Medfusion 4000 devices prone to buffer overflow exploits opening the door to remote code execution or denial of service attacks.

Let’s not neglect Spectre and Meltdown — the highest-profile security problem in some time, particularly among Intel chips.

[Also: What you need to know about the Spectre and Meltdown processor vulnerabilities]

Everyone from cloud service providers to software vendors to original equipment manufactures “should stop deployment of current versions as they may introduce higher than expected reboots and other unpredictable behavior,” Kim noted.

Intel reportedly said a fix is forthcoming. Exactly when? That is no more understood right now than the initial attack vector for Samsam. What we do know is that the variant is deployed manually and some victims, most notably perhaps EHR maker Allscripts, have had external-facing apps and servers compromised.

[Also: What to know about the SamSam ransomware hitting Allscripts, hospitals]

“Another thing to note is that the General Data Protection Regulation is coming into force on May 25, 2018,” Kim added.  “So a lot of U.S. hospitals and others have concerns and questions on whether they need to comply, how to comply, etc.”

GDPR, there’s that. Infosec pros might as well get used to it and start to grasp the impact now. 

Twitter: SullyHIT
Email the writer: tom.sullivan@himssmedia.com

Topics: 
Privacy & Security

More regional news

Seema Verma speaks with Hal Wolf at HIMSS25

Seema Verma is 'excited about progress' of Oracle's EHR modernization at VA

By
Susan Morse
March 13, 2025
Nurse checks her tablet

Vendor notebook: Closing gaps in care, boosting provider performance

By
Andrea Fox
March 13, 2025
Dr. Ronald Rodriguez of The University of Texas Health Science Center at San Antonio on AI

Physician AI expert cautions clinicians and execs: Be wary of AI challenges

By
Bill Siwicki
March 12, 2025
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Seema Verma speaks with Hal Wolf at HIMSS25
Seema Verma is 'excited about progress' of Oracle's EHR modernization at VA

Most Read

Asan Medical Center reaches Stage 7 of INFRAM24
Q&A: Implementing digital health in hospitals
State of privacy consent management requires more collaboration, says Sequoia Project
Cyber threat sharing network for health launched and more briefs
Key strategies for maximising the benefits of shared mobile and end-to-end management in healthcare
Medical data space launched in China's Greater Bay Area

Research

White Papers

More Whitepapers

Artificial Intelligence
Artificial Intelligence
Patient Engagement

Webinars

More Webinars

Privacy & Security
Privacy & Security
Privacy & Security

Video

Angie Cox, Nautilus Solutions__Las Vegas skyline Photo by halbergman/E+/Getty Images
AI documentation systems get a boost when clinicians are involved
Christine Stetler at MedeAnalytics_Doctor showing medical record to patient Photo by Moment Makers Group/iStock/Getty Images Plus
Avoiding costly procedures depends on effective claim review
Dr. Jonah Feldman at NYU Langone Health System_Las Vegas skyline Photo by halbergman/E+/Getty Images
RPA is helping clinicians deliver quality care more efficiently
Natasha Ramontal at HIMSS_Las Vegas skyline Photo by halbergman/E+/Getty Images
Patient outcomes can get a boost from robust analytics supporting AI

More Stories

A doctor interacting with a patient in bed
Saving up to $6M by predicting hospital discharge
Etay Maor, chief security strategist at Cato Networks, speaks at HIMSS25 on Wednesday, March 5, 2025
Health leaders need AI know-how to avoid cyberattacks
Lavonia Thomas headshot
Q&A: Nursing and the integration of technology at...
Expectant parents
Royal Philips partners with Ingeborg Initiatives to provide pregnancy app
VA building sign
VA will deploy Oracle Health EHR to nine additional sites 
Ed Mitchell, Advocate Health, and Aaron Sheedy, Xealth, at HIMSS25
Healthcare more personal with customized digital messaging
hand on keyboard
Cobalt Strike abuse in the wild drops 80%, says Fortra
Dan Cohen of Adhere+ on telemedicine
DEA role must be clearly defined in controlled substance Rx via telemedicine, expert cautions