Fixing Breaches in Your Healthcare IT System

Troy
Troy Camplin
Jun 5, 2018

We’re only halfway through 2018 and there have already been numerous security breaches in healthcare. The more information gets integrated and connected, the more it’s at risk; yet healthcare information perhaps requires the highest levels of connection and integration to be most useful. This information, though, is highly sensitive and the legal consequences of improperly distributing it can be quite severe, so anything that might increase the risk of a security breach is very worrisome. There may be few areas outside government where data needs to be extremely secure.

Michael Beeson, an IT Security Professional with experience in government and health care, sees many systematic problems in healthcare IT security. “The original samsam encryption attack largely took advantage of the fact that many hospitals don’t have inhouse IT and just hire people to handle their web stuff on occasion then don’t maintain anything beyond content,” Beeson said. “The attackers take advantage of long-known vulnerabilities and gain access to the hospital network through those compromised servers.” He argues that the solution to this problem would be to patch known vulnerabilities when possible and to use web application firewalls.

Another part of the problem, according to Beeson, is that most hospitals use “flat networks” in which all the departments are connected. He says that best practice is to separate workstations by departments and to use VLANs to segregate information. This would prevent infections from jumping from one department to another. Strong internal firewalls that would only allow traffic to the electronic medical record system server that’s needed would be key to creating such a system.

While most people are going to think of computers and servers, Beeson argues that there’s a major security gap in medical devices. The issue is that “medical devices are typically very lax in security,” Beeson says. “Things like pumps and monitors use wi-fi without any additional encryption.” Pacemakers use MQTT unencrypted, which would allow a hacker access to all the information in the device and even change the settings. Unfortunately, as Beeson notes, “the only thing that can be done there is for the equipment manufacturers to start configuring MQTT with encryption from the start.”

This opens up an entirely new area of concern. The last thing you want to worry about when you get a pacemaker is whether or not someone could hack into it and give you a heart attack. A malevolent hacker could certainly wreak havoc by targeting a large variety of medical devices. This is a threat to people’s lives and not merely making private information public or stealing your financial information. Clearly we need to make online security in the healthcare field a full-time concern.

Follow us on social media for the latest updates in B2B!

Image

Latest

summer melt
From Freshmen to Founders: Michigan Students Take on Higher Ed’s Summer Melt Crisis with MeetYourClass
May 29, 2025

A growing number of colleges are struggling to convert applicants into enrolled students—and to keep them engaged through graduation. With Gen Z students relying heavily on familiar digital platforms like Instagram and Discord for social interaction, traditional college tools for orientation, enrollment, and community-building often miss the mark. According to research, between 10 to 40…

Read More
Aviation maintenance
The Future of Flight Depends on Mechanics, Not Machines: How Jets MRO is Solving the Aviation Maintenance Talent Gap
May 28, 2025

Private aviation is booming—but behind the sleek jets and luxury cabins lies a hidden crisis. A looming shortage of qualified aviation maintenance technicians threatens to ground growth. According to Boeing’s 2023 Pilot and Technician Outlook, the industry will need about 690,000 new maintenance technicians by 2042. While private jet usage is skyrocketing, the infrastructure to…

Read More
digital learning ecosystem
Stride at 25: Redefining the Digital Learning Ecosystem for Today’s K–12 Learners
May 28, 2025

As virtual learning matures and school choice accelerates across the U.S.,the 25th anniversary of Stride Inc. offers a moment to reflect on how far the digital learning ecosystem has come and where it’s headed.. Once known as K12 Inc., the company helped pioneer online education at scale. But in a landscape shaped by evolving…

Read More
search
From Search (SEO) to Answers with Generative AI
May 27, 2025

In this episode of The Marketing AI SparkCast, Aby Varma—founder of Spark Novus, which partners with marketing leaders to adopt AI responsibly and strategically—hosts Mike Ensing, Founder and CEO of Revere AI. They explore how LLMs are revolutionizing search, shifting the customer journey, and forcing a new marketing playbook where brand discovery is increasingly…

Read More
Related
Securing Healthcare’s Frontlines: Designing Spaces That Save Lives
Software & Technology
Securing Healthcare’s Frontlines: Designing Spaces That Save Lives
May 22, 2025
network innovations
Healthcare
Network Innovations
May 22, 2025

Brent speaks with Day-Vene Gilliam, VP of National Network Optimization & Business Development at Elevance Health, about how Anthem is evolving its network strategy to deliver greater value to clients and members. From expanding value-based care contracts with over 650,000 providers to leveraging digital tools like HealthOS for real-time data and gap-closure, Anthem is enabling…

Read More
food as medicine
Healthcare
Food As Medicine
May 22, 2025

Dr. Kofi Essel, community pediatrician and Elevance Health’s Food as Medicine Director, joins Brent to discuss how nutrition is becoming a central lever in both preventing and treating chronic disease. With millions of Americans living with diabetes, hypertension, and obesity, Dr. Essel explains how Elevance is building interventions that help members access high-quality food and…

Read More