Fixing Breaches in Your Healthcare IT System

Troy
Troy Camplin
Jun 5, 2018

We’re only halfway through 2018 and there have already been numerous security breaches in healthcare. The more information gets integrated and connected, the more it’s at risk; yet healthcare information perhaps requires the highest levels of connection and integration to be most useful. This information, though, is highly sensitive and the legal consequences of improperly distributing it can be quite severe, so anything that might increase the risk of a security breach is very worrisome. There may be few areas outside government where data needs to be extremely secure.

Michael Beeson, an IT Security Professional with experience in government and health care, sees many systematic problems in healthcare IT security. “The original samsam encryption attack largely took advantage of the fact that many hospitals don’t have inhouse IT and just hire people to handle their web stuff on occasion then don’t maintain anything beyond content,” Beeson said. “The attackers take advantage of long-known vulnerabilities and gain access to the hospital network through those compromised servers.” He argues that the solution to this problem would be to patch known vulnerabilities when possible and to use web application firewalls.

Another part of the problem, according to Beeson, is that most hospitals use “flat networks” in which all the departments are connected. He says that best practice is to separate workstations by departments and to use VLANs to segregate information. This would prevent infections from jumping from one department to another. Strong internal firewalls that would only allow traffic to the electronic medical record system server that’s needed would be key to creating such a system.

While most people are going to think of computers and servers, Beeson argues that there’s a major security gap in medical devices. The issue is that “medical devices are typically very lax in security,” Beeson says. “Things like pumps and monitors use wi-fi without any additional encryption.” Pacemakers use MQTT unencrypted, which would allow a hacker access to all the information in the device and even change the settings. Unfortunately, as Beeson notes, “the only thing that can be done there is for the equipment manufacturers to start configuring MQTT with encryption from the start.”

This opens up an entirely new area of concern. The last thing you want to worry about when you get a pacemaker is whether or not someone could hack into it and give you a heart attack. A malevolent hacker could certainly wreak havoc by targeting a large variety of medical devices. This is a threat to people’s lives and not merely making private information public or stealing your financial information. Clearly we need to make online security in the healthcare field a full-time concern.

Follow us on social media for the latest updates in B2B!

Image

Latest

private equity
Alts Innovators: UT Austin’s Dr. Ken Wiles on Private Equity
December 15, 2025

Private equity is entering a period of adjustment after decades of expansion fueled by falling interest rates and abundant capital. That long-running tailwind reversed beginning in 2022, when interest rates rose sharply, disrupting deal activity, slowing exits, and bringing renewed attention to a long-standing vulnerability in private markets: liquidity. Industry reports have highlighted softer fundraising,…

Read More
SPD
Getting SPD Teams to the Table: Why Sterile Processing Deserves a Central Role in Surgical Planning and Operations
December 15, 2025

Sterile Processing Departments (SPDs) remain the backbone of safe surgical care, yet across the country, they’re still routinely left out of early decision-making around products, construction, staffing, and case planning. As hospitals juggle tighter margins, higher patient acuity, and growing procedural demands, the consequences of excluding SPD voices become unmistakably real—showing up in daily…

Read More
WireXpert
WireXpert MP Wire Mapping Overview
December 13, 2025

In modern network installations, speed alone isn’t enough—precision is what keeps systems reliable and downtime low. Tools like the WireXpert MP cable certifier reflect how far copper cable diagnostics have evolved, moving beyond simple pass-or-fail testing into actionable insight. By running a full 500 MHz sweep on a Category 6A link, technicians can…

Read More
Why Connectivity Has Become the Cornerstone of Modern Industrial Automation
December 11, 2025

Industrial automation is in the middle of a profound shift, as manufacturers push beyond basic control toward fully connected, data-driven operations that bridge the plant floor and the enterprise. What began years ago as early experiments in digital transformation—simply getting PLC data into IT systems—has now accelerated into a critical business imperative fueled by…

Read More
Related
SPD
Software & Technology
Getting SPD Teams to the Table: Why Sterile Processing Deserves a Central Role in Surgical Planning and Operations
December 15, 2025
The Hidden Roadblocks to Smarter Hospitals
Healthcare
The Hidden Roadblocks to Smarter Hospitals
December 9, 2025

As hospitals look to improve outcomes with faster, more informed decisions, infrastructure limitations remain a major hurdle. This episode—part two of a five-part Health and Life Sciences at the Edge series exploring The Future of Patient Monitoring—dives into what’s holding back smarter, more connected care. Intel’s Andrew Lamkin, AI Solutions Architect, and Bikram Day,…

Read More
ROI
Healthcare
ROI Case Study
December 3, 2025

Denials are no longer a slow leak in the revenue cycle—they’re a fast-moving, rule-shifting game controlled by payers, and hospitals that don’t model denial patterns in real time end up budgeting around losses they could have prevented. PayerWatch’s four-digit, client-verified ROI in 2024 shows what happens when a hospital stops reacting claim by…

Read More