Fixing Breaches in Your Healthcare IT System

Troy
Troy Camplin
Jun 5, 2018

We’re only halfway through 2018 and there have already been numerous security breaches in healthcare. The more information gets integrated and connected, the more it’s at risk; yet healthcare information perhaps requires the highest levels of connection and integration to be most useful. This information, though, is highly sensitive and the legal consequences of improperly distributing it can be quite severe, so anything that might increase the risk of a security breach is very worrisome. There may be few areas outside government where data needs to be extremely secure.

Michael Beeson, an IT Security Professional with experience in government and health care, sees many systematic problems in healthcare IT security. “The original samsam encryption attack largely took advantage of the fact that many hospitals don’t have inhouse IT and just hire people to handle their web stuff on occasion then don’t maintain anything beyond content,” Beeson said. “The attackers take advantage of long-known vulnerabilities and gain access to the hospital network through those compromised servers.” He argues that the solution to this problem would be to patch known vulnerabilities when possible and to use web application firewalls.

Another part of the problem, according to Beeson, is that most hospitals use “flat networks” in which all the departments are connected. He says that best practice is to separate workstations by departments and to use VLANs to segregate information. This would prevent infections from jumping from one department to another. Strong internal firewalls that would only allow traffic to the electronic medical record system server that’s needed would be key to creating such a system.

While most people are going to think of computers and servers, Beeson argues that there’s a major security gap in medical devices. The issue is that “medical devices are typically very lax in security,” Beeson says. “Things like pumps and monitors use wi-fi without any additional encryption.” Pacemakers use MQTT unencrypted, which would allow a hacker access to all the information in the device and even change the settings. Unfortunately, as Beeson notes, “the only thing that can be done there is for the equipment manufacturers to start configuring MQTT with encryption from the start.”

This opens up an entirely new area of concern. The last thing you want to worry about when you get a pacemaker is whether or not someone could hack into it and give you a heart attack. A malevolent hacker could certainly wreak havoc by targeting a large variety of medical devices. This is a threat to people’s lives and not merely making private information public or stealing your financial information. Clearly we need to make online security in the healthcare field a full-time concern.

Follow us on social media for the latest updates in B2B!

Image

Latest

promoted
How to Succeed After Getting Promoted: Seeking Feedback, Acting with Intention, and Leading with Perspective
April 16, 2026

Stepping into a leadership role today isn’t just a step up—it’s a shift into constant visibility, where expectations arrive immediately and the margin for error narrows. As organizations flatten structures and demand faster decisions, newly promoted leaders are expected to deliver impact from the outset, often without the space to fully adjust. According to…

Read More
AI in business
A Practical Conversation About AI in Business: From Hype to Real-World Impact
April 15, 2026

Artificial intelligence has moved from buzzword to boardroom priority at a staggering pace. Yet despite widespread adoption, many organizations are still struggling to turn experimentation into measurable business value—some estimates suggest the majority of enterprise AI initiatives fail to scale successfully. As AI becomes “table stakes” across industries, the real challenge is no longer…

Read More
weekly drive-in
Metropolis: Weekly Drive-in
April 15, 2026

Metropolis “Weekly Drive In” reflects a new era of storytelling where AI meets real-world execution, turning everyday field performance into momentum. Centered on genuine conversions and local wins, the series highlights how the company is scaling not just through technology, but through visibility and shared recognition. In an emerging recognition economy, these updates act…

Read More
Drive In, Drive Out: The Rhythm of Metropolis
April 15, 2026

Behind the seemingly mundane choreography of a drive-in lies a broader story about how modern cities script behavior, turning even the simplest actions into rehearsed routines. What looks like repetition is really a quiet testament to systems designed for flow and control, where efficiency often outweighs individuality. In places like Metropolis, the rhythm of…

Read More
Related
Mental Health Care
Software & Technology
Policy, AI, and New Funding Models Are Reshaping Mental Health Care Delivery
April 16, 2026
healthcare
Healthcare
The Early-Stage Playbook for Healthcare Founders: Credibility, Founder Mindset, and Real Market Fit
April 13, 2026

Healthcare innovation is having a moment. With over 500 startups applying annually to leading accelerators like Health Wildcatters, the sector is seeing a surge of founders eager to tackle inefficiencies in care delivery, diagnostics, and patient experience. At the same time, digital health is regaining momentum—after a period of market correction, funding went up…

Read More
apprenticeship degree
Healthcare
Career-Connected Health Care: Why the Apprenticeship Degree Is the Future
April 13, 2026

Hospitals across the country are feeling the strain—too many open roles, not enough trained professionals, and a growing gap between what students learn and what the job actually demands on day one. Training is getting more expensive, timelines are stretching, and healthcare leaders are being forced to rethink how new clinicians enter the field….

Read More