6. New risks accompany move to digitized health records. In the US, health care reform and stimulus funding will continue to accelerate the adoption of electronic health records and related technologies throughout the industry. The American Recovery and Reinvestment Act calls for all medical records to be electronic by 2014, meaning that much work must be done in 2012 and 2013 to prepare. New devices will be introduced that send sensitive information beyond the traditional boundaries of health care providers, and more and more health care providers are using mobile devices. Along with the need to secure newly implemented EHR systems, securing mobile devices and managing mobile clinical applications will continue to be an ever-increasing focus in the health care industry.
7. Mobile and medical devices will begin to merge. Mobile devices and health care apps will proliferate, making it easier, for example, to transform a smartphone into a heart monitor or diabetes tester. As a result, some experts believe that industry health care groups will declare mobile devices to be medical devices in order to control and regulate them. As interoperability standards mature, more mobile devices and traditional medical devices will become nodes on an organization’s network. These devices also will share data with other devices and users and, as a result, be susceptible to the same threats and vulnerabilities that computers and other network-attached peripherals - such as printers and faxes - are susceptible to today.
8. Smart grid security standards will keep evolving. In the US, public utility commissions, along with the National Institute of Standards and Technology, will continue to develop smart-grid standards. State PUCs will begin to agree on a standard in the coming year. The government will increasingly require utilities to demonstrate that their smart grid and advanced metering infrastructure solutions protect not only the privacy of consumers and consumer usage data but also the security of the AMI infrastructure. At some point, a single federal framework will supersede state regulations and requirements.
9. New concerns will surface about IPv6. The federal government is still struggling with the rollout of IPv6-enabled devices as organizations migrate from IPv4. This will be an ongoing concern, and IPv6 specific vulnerabilities and threats will continue to cause trouble during 2012. In addition, the other two fundamental mechanisms of the internet -- Border Gateway Protocol and Domain Name System – also now offer a next-generation version. In 2012, many will start migrating to these newer versions, generating a new round of vulnerabilities and exploits.
10. Social-engineering threats resurface. More targeted spear-phishing -- an email-fraud attempt that targets a specific organization, seeking unauthorized access to confidential data – will be the major social-engineering threat of 2012. Efforts to educate user communities about safe computing practices will continue to be a challenge as the user base of smart devices increases dramatically. Social networking sites will continue to implement protection for users from malware, spam and phishing, but sophisticated threats will continue to seduce users to visit a rogue Website or reveal personally identifiable information online.