Fixing Breaches in Your Healthcare IT System

Troy
Troy Camplin
Jun 5, 2018
Share this post

We’re only halfway through 2018 and there have already been numerous security breaches in healthcare. The more information gets integrated and connected, the more it’s at risk; yet healthcare information perhaps requires the highest levels of connection and integration to be most useful. This information, though, is highly sensitive and the legal consequences of improperly distributing it can be quite severe, so anything that might increase the risk of a security breach is very worrisome. There may be few areas outside government where data needs to be extremely secure.

Michael Beeson, an IT Security Professional with experience in government and health care, sees many systematic problems in healthcare IT security. “The original samsam encryption attack largely took advantage of the fact that many hospitals don’t have inhouse IT and just hire people to handle their web stuff on occasion then don’t maintain anything beyond content,” Beeson said. “The attackers take advantage of long-known vulnerabilities and gain access to the hospital network through those compromised servers.” He argues that the solution to this problem would be to patch known vulnerabilities when possible and to use web application firewalls.

Another part of the problem, according to Beeson, is that most hospitals use “flat networks” in which all the departments are connected. He says that best practice is to separate workstations by departments and to use VLANs to segregate information. This would prevent infections from jumping from one department to another. Strong internal firewalls that would only allow traffic to the electronic medical record system server that’s needed would be key to creating such a system.

While most people are going to think of computers and servers, Beeson argues that there’s a major security gap in medical devices. The issue is that “medical devices are typically very lax in security,” Beeson says. “Things like pumps and monitors use wi-fi without any additional encryption.” Pacemakers use MQTT unencrypted, which would allow a hacker access to all the information in the device and even change the settings. Unfortunately, as Beeson notes, “the only thing that can be done there is for the equipment manufacturers to start configuring MQTT with encryption from the start.”

This opens up an entirely new area of concern. The last thing you want to worry about when you get a pacemaker is whether or not someone could hack into it and give you a heart attack. A malevolent hacker could certainly wreak havoc by targeting a large variety of medical devices. This is a threat to people’s lives and not merely making private information public or stealing your financial information. Clearly we need to make online security in the healthcare field a full-time concern.

Follow us on social media for the latest updates in B2B!

Image

Latest

Next generation of security solutions
The Future of Security: Discovering the Next Generation of Security Solutions at ISC West
April 23, 2024

The recently concluded International Security Conference & Exposition West 2024 (ISC West) proved to be an indispensable platform for discovering the next generation of security solutions, providing attendees with invaluable insights into the future of the industry. At a recent episode of MarketScale’s roundtable show Experts Talk, Cathal Walsh, Vice President and Chief Security […]

Read More
Cyber Resilience: To Protect Corporate Assets, Businesses Must Invest in Cybersecurity Training
April 23, 2024

As cyberattacks occur at increasing frequency, cybersecurity has become a cornerstone of corporate security strategies across all sectors. With businesses increasingly reliant on digital infrastructures, the quality of a company’s cybersecurity training is no longer just an operational requirement — it is a strategic asset. The stakes are high, as a breach can lead […]

Read More
Forming Relationships with Industry Insiders Can Quell Sales Cycles and their Length of Time
April 23, 2024

New companies are facing more and more challenges in the security industry as sales cycles are experiencing lengthier times. One of those reasons is due to the complexity of the security industry itself, along with the unique and special business models every new company will come in with. But there is a solution to […]

Read More
Cyber-first approach
From Bollards to Bytes: Why Security Firms Need to Adopt a Cyber-First Approach
April 23, 2024

How can the security industry effectively navigate the shift from traditional physical security measures to adopting a cyber-first approach in its sales and integration strategies? The transition from physical to digital security solutions was a major theme at the International Security Conference & Exposition West 2024 held earlier this month. On a recent episode of […]

Read More
Related
augmented reality in dentistry
Software & Technology
Augmented Reality vs. Virtual Reality in Dentistry
April 23, 2024
dentist and patient experiences
Healthcare
Dental Surgeries Enhanced by The X-Guide System: Elevating Dentist and Patient Experiences
April 23, 2024

Elevating dentist and patient experiences reach a new level of ease with the introduction of the X-Guide® System from X-NAV Technologies. This system marks a significant advancement in dental implant surgery, offering a blend of precision, efficiency, and patient satisfaction previously unattainable. This dynamic 3D navigation system provides real-time guidance during implant placement, revolutionizing […]

Read More
Geek Squad
Healthcare
It’s About Time Healthcare Had a Geek Squad
April 22, 2024

As healthcare embraces technological innovation, could bringing a Geek Squad service approach from companies like Best Buy Health lead this transformation? The sector is witnessing a seismic shift with the integration of advanced technology and home-based care. Gastroenterological issues have surged by 20% in the past decade, highlighting the need for this tech-driven approach […]

Read More