Fixing Breaches in Your Healthcare IT System

We’re only halfway through 2018 and there have already been numerous security breaches in healthcare. The more information gets integrated and connected, the more it’s at risk; yet healthcare information perhaps requires the highest levels of connection and integration to be most useful. This information, though, is highly sensitive and the legal consequences of improperly distributing it can be quite severe, so anything that might increase the risk of a security breach is very worrisome. There may be few areas outside government where data needs to be extremely secure.

Michael Beeson, an IT Security Professional with experience in government and health care, sees many systematic problems in healthcare IT security. “The original samsam encryption attack largely took advantage of the fact that many hospitals don’t have inhouse IT and just hire people to handle their web stuff on occasion then don’t maintain anything beyond content,” Beeson said. “The attackers take advantage of long-known vulnerabilities and gain access to the hospital network through those compromised servers.” He argues that the solution to this problem would be to patch known vulnerabilities when possible and to use web application firewalls.

Another part of the problem, according to Beeson, is that most hospitals use “flat networks” in which all the departments are connected. He says that best practice is to separate workstations by departments and to use VLANs to segregate information. This would prevent infections from jumping from one department to another. Strong internal firewalls that would only allow traffic to the electronic medical record system server that’s needed would be key to creating such a system.

While most people are going to think of computers and servers, Beeson argues that there’s a major security gap in medical devices. The issue is that “medical devices are typically very lax in security,” Beeson says. “Things like pumps and monitors use wi-fi without any additional encryption.” Pacemakers use MQTT unencrypted, which would allow a hacker access to all the information in the device and even change the settings. Unfortunately, as Beeson notes, “the only thing that can be done there is for the equipment manufacturers to start configuring MQTT with encryption from the start.”

This opens up an entirely new area of concern. The last thing you want to worry about when you get a pacemaker is whether or not someone could hack into it and give you a heart attack. A malevolent hacker could certainly wreak havoc by targeting a large variety of medical devices. This is a threat to people’s lives and not merely making private information public or stealing your financial information. Clearly we need to make online security in the healthcare field a full-time concern.

Follow us on social media for the latest updates in B2B!

Image

Latest

document restoration process
AMRestore Document Restoration Process
April 16, 2024

How does advanced document recovery technology safeguard valuable business documents from severe damage, especially in emergencies involving water? Polygon’s AMRestore document restoration process provides residential and commercial content restoration, cleaning, and moving. Larry Waltemire, the Business Unit Manager of East Region at Polygon, highlights the critical stages and technological advancements in document preservation at […]

Read More
biofuel feedstock
Motor Fuels Tax Minute, Episode 43: Biofuel Feedstock
April 16, 2024

In this week’s episode of Motor Fuels Tax Minute, our hosts discuss non-tax specific permits for biofuel feedstocks.   For information or assistance, contact us. We are here to help. ©2024 Detailed Description of Weaver’s Motor Fuels Tax Minute, Episode 43 00:00:00 Emilda: Welcome to Weaver’s Motor Fuels Tax Minute, the vlog where we talk all […]

Read More
An Aging U.S. Workforce Could Be A Fruitful Operational Shift for Businesses
April 15, 2024

In a workforce landscape being shaped by inflation, supply chain evolution, geopolitical tide shifts, and rising next-gen technology, businesses are increasingly recognizing the value of integrating older, experienced workers into their labor strategies. The allure lies not only in the seasoned skills these workers bring but also in their financial independence, which often allows […]

Read More
telecom project success in healthcare
Telecom Project Success in Healthcare Usually Comes Down to Working with the Right Decision Maker
April 15, 2024

In the rapidly evolving landscape of healthcare technology, telecommunications plays a crucial role. As healthcare providers increasingly rely on digital solutions—from telemedicine to electronic health records—telecom companies are finding new opportunities and challenges in this sector. Successfully implementing telecom projects in healthcare requires a nuanced understanding of the industry’s legacy communications infrastructure, unique demands […]

Read More