2 Comments

Summary:

The rise of electronic health records, other digital health platforms and connected devices has made healthcare more vulnerable to security breaches almost any other industry, according to a recent investigation by The Washington Post.

keyboard stethoscope

As hackers look for an easy target, healthcare could be at the top of their list. According to a recent investigation by the The Washington Post, the rise of electronic health records, other digital health platforms and connected devices has made healthcare more vulnerable to security breaches than almost any other industry.

“I have never seen an industry with more gaping security holes,” Avi Rubin, a computer scientist and technical director of the Information Security Institute at Johns Hopkins University, told the The Post. “If our financial industry regarded security the way the health-care sector does, I would stuff my cash in a mattress under my bed.”

Relative to other industries, including finance and the military, hospitals and medical facilities have been targeted by fewer hacks, the report said, but government officials have recently indicated growing concern. In May, the Department of Homeland Security released a notice warning that while wireless technology can bring efficiency and flexibility to healthcare, it also introduces security risks that the industry may not be ready to address.

The Post  is hardly the first to flag security as a growing problem for healthcare – a study earlier this month from the Ponemon Institute and ID Experts found that a third of health organizations polled don’t have the technology, budget or trained personnel to handle contemporary security challenges. But the article detailed several anecdotes indicating that while the industry is trying to deal with the problem, its culture and technology are behind the times.

For example, it said that doctors and other medical workers at an unnamed institution used the same computers to connect to both the Internet and internal networks, with some staffers leaving computers unattended and unprotected. It also said that the University of Chicago Medical Center recently left itself vulnerable to hackers after posting a document for residents online that included login information for a shared Dropbox account (the University has since closed the loophole).

To date, despite the many vulnerabilities and the many data breaches suffered by hospitals and healthcare institutions, hackers have mostly focused their attention elsewhere. According to a report by GovernmentHealthIT, six of the top 10 breaches were related to a stolen unencrypted laptop and three of the 10 involved an employee or former employee who inappropriately accessed patient information through email or other means. Only one – albeit the biggest incident – involved a hacker who accessed patient information through a Utah Department of Health server.

But as more patient information goes online, larger-scale hack attacks and the threat of medical identity theft – which some say is more costly and difficult to correct than other forms of identity theft – could increase. As it is, some studies indicate that patients are already apprehensive about Electronic Health Records, and for them to get the most out of those platforms and other digital health services, they need systems they can trust.

Some steps forwarded indicated by The Post report, include increased government oversight, particularly more clarity from the Food and Drug Administration (FDA) on its position, as well as more education and investment on the part of the industry.

  1. With spy drones that start at $99 and are military grade. It will be interesting how we can repurpose this tech to help those with disabilities to view locations around the house with a computer. This is a great advancement in security. http://igg.me/p/268456/x/1289609

    Share
  2. I am always distressed with alarmist posts regarding security in networked online health information and records. It seems to be extremely naive to think this information is not already in the hands of groups which do use it against you and for their own profit ie insurance companies!!

    That said there does need to be systematic improvement in authenticated access to such information but seriously what will a hacker do with such information it has no intrinsic value except for criminal mishchief and sequelae therefore such exaggerated concerns regarding safety is really off the mark and shows that infotech security experts need to be educated and perhaps help

    Share

Comments have been disabled for this post