Free Republic
Browse · Search
Topics · Post Article

Skip to comments.

Health-care sector vulnerable to hackers, researchers say
Washington Post ^ | December 25, 2012 | Robert O’Harrow Jr.

Posted on 12/25/2012 10:46:51 PM PST by Seizethecarp

As the health-care industry rushed onto the Internet in search of efficiencies and improved care in recent years, it has exposed a wide array of vulnerable hospital computers and medical devices to hacking, according to documents and interviews.

Security researchers warn that intruders could exploit known gaps to steal patients’ records for use in identity theft schemes and even launch disruptive attacks that could shut down critical hospital systems.

A year-long examination of cybersecurity by The Washington Post has found that health care is among the most vulnerable industries in the country, in part because it lags behind in addressing known problems.

“I have never seen an industry with more gaping security holes,” said Avi Rubin, a computer scientist and technical director of the Information Security Institute at Johns Hopkins University. “If our financial industry regarded security the way the health-care sector does, I would stuff my cash in a mattress under my bed.”

Compared with financial, corporate and military networks, relatively few hacks have been directed at hospitals and other medical facilities. But in recent months, officials with the Department of Homeland Security have expressed growing fear that health care presents an inviting target to activist hackers, cyberwarriors, criminals and terrorists.

“These vulnerabilities may result in possible risks to patient safety and theft or loss of medical information,” a DHS intelligence bulletin said in May.

Security researchers are starting to turn up the same kinds of trivial-seeming flaws that earlier opened the way for hackers to penetrate financial services networks, Pentagon systems and computers at firms such as Google.

(Excerpt) Read more at ...

TOPICS: Crime/Corruption; Culture/Society; Politics/Elections; War on Terror
KEYWORDS: hacking; healthcare; obamacare
My identity was stolen and used to obtain an IRS refund this year most likely as part of a hack of our huge county hospital patient database. This was a huge problem in FL this year.

All it takes is a corrupt employee in the hospital system with access to the insurance billing database, so not much "hacking" is actually needed.

1 posted on 12/25/2012 10:47:09 PM PST by Seizethecarp
[ Post Reply | Private Reply | View Replies]

To: Seizethecarp

One of the main security issues preventing good hospital security is the
desire for LOTS of different doctors in many locations to access patient
information the hospital has so they can see and care for patients in
their office. And being doctors they have this inherent belief that they are
special and that efforts to insure data access is adequate hinders them....i.e.
if they actually have to use their passwords, verify their identity and use the
approved access protocols they are wasting their precious $$$$ time.
Thus they pressure CEO’s to streamline security for their convenience.
They give their passwords and access protocols to their office staff because they don’t want to be bothered with such petty details as network security.

As a PACS admin I field demands from MD’s routinely to ignore methods
designed to secure patient info so that they don’t have to be bothered.

The main security issue in healthcare is the most influential people involved
are more concerned with their needs than with the concept of security.

2 posted on 12/25/2012 11:02:17 PM PST by nvscanman
[ Post Reply | Private Reply | To 1 | View Replies]

To: Seizethecarp


3 posted on 12/25/2012 11:04:11 PM PST by TEXOKIE (We must surrender only to our Holy God and never to the evil that has befallen us.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Seizethecarp

I worked as a hospital medical transcriptionist for many years until my job was offshored to India 2 years ago. While typing a medical report, I had complete access to all of the patient’s information, such as SSN, address, phone number, and DOB. We were supposedly monitored for “improper behavior,” but no one I know was ever reprimanded for such in more than a dozen years of my hospital employment. However, American transcriptionists face fines of $125,000 for divulging confidential patient info. In contrast, the transcriptionists in India and other third-world, who are now mainly transcribing the medical reports of Americans, face no such fines. Therefore, I fully expect the crime of identity theft in this country to explode in the next year or two as access to patient info is very easy to come by.

4 posted on 12/25/2012 11:07:44 PM PST by Prince of Space (Be Breitbart, baby!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Seizethecarp


In some ways the “news” are tragicomedy.

5 posted on 12/25/2012 11:10:56 PM PST by Hardraade ( (Vendetta))
[ Post Reply | Private Reply | To 1 | View Replies]

To: Seizethecarp

I work in IT at a healthcare organization, and all I can say is this is absolutely true!

The biggest issue I’ve seen in hospitals tends to be with 3rd party vendor software and applications that are in use by the organizations/facilities. Very often there will be severe design issues with their software that will go completely unaddressed.

The 2nd biggest issue is with end users and their horrible practices on an individual level. A system is never going to be more secure than its dumbest user.

Another HUGE problem is with the government pushing organizations to go electronic, whether their IT departments may be ready or not. Being in IT, I’m all for things being electronic, but if it isn’t gonna be done right, it SHOULDN’T be done! After seeing what I’ve seen first hand, I’m VERY apprehensive about where I go to seek medical care, if I even seek it out at all! All it takes is for a system to get compromised, and your life could be ruined, or made VERY difficult.

6 posted on 12/25/2012 11:58:35 PM PST by KoRn (Department of Homeland Security, Certified - "Right Wing Extremist")
[ Post Reply | Private Reply | To 1 | View Replies]

To: nvscanman

Oh, what you said is SO true.

I couldn’t tell you how many remote offices I’ve seen where virtually every person working in their office just uses the physician’s credentials to access patient data(because he gave it to them all) for the reasons you stated! If anything is attempted to remedy the situation, the office staff gets pissed, which eventually leads to the physician being pissed, and before you know it, he’s in the CEO’s office bitching! In such cases, probably 90% of the time, the CEO will order the IT folks to accommodate and make the doctor happy, security be dammed.

7 posted on 12/26/2012 12:05:51 AM PST by KoRn (Department of Homeland Security, Certified - "Right Wing Extremist")
[ Post Reply | Private Reply | To 2 | View Replies]

To: Seizethecarp

Duh. They can’t protect classified secrets. How the eff are they gonna protect anything else? ANYTHING put on the net by anyone anywhere can be ‘hacked’ as they so routinely call it.
Have your computers and/or software made in frikking China and you can take it to the bank. And yet they still insist that you can ‘secure’ the unsecurable.
There was a program developed to secure bank transactions, among other things, that was virtually uncrackable. Guess what. The banks refused to use it because it would have exposed their own corruption...ditto gov agencies.

8 posted on 12/26/2012 12:15:36 AM PST by MestaMachine (It's the !!!!TREASON!!!!, stupid!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Seizethecarp

Social engineering.

Sure, SOX was supposed to obviate this. SOX only makes it a colossal nuisance for honest people.

9 posted on 12/26/2012 12:47:05 AM PST by HiTech RedNeck (How long before all this "fairness" kills everybody, even the poor it was supposed to help???)
[ Post Reply | Private Reply | To 1 | View Replies]

To: HiTech RedNeck

I’m SHOCKED, I tell you, SHOCKED. How could the government let private data be so vulnerable?

10 posted on 12/26/2012 2:01:06 AM PST by Cololeo
[ Post Reply | Private Reply | To 9 | View Replies]

To: nvscanman

IE, the patients get screwed over royally.

As predicted.

EMR’s are a disaster. They bring few benefits that are not worth the enormous cost.

11 posted on 12/26/2012 4:14:17 AM PST by Adder (No, Mr. Franklin, we could NOT keep it.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Adder

My company provides IT security and HIPAA compliance to hospitals. EHRs have helped security a great deal.

Yes there are risks but they are manageable. I see many more security problems with the areas outside of the EHR systems.

Doctors ignoring the rules. Administrators refusing to provide budget to fix the problem. IT people who refuse to change the way they work.

12 posted on 12/26/2012 4:51:22 AM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 11 | View Replies]

To: driftdiver


13 posted on 12/26/2012 5:43:48 AM PST by Chickensoup (Leftist Totalitarian Fascism coming to a country like yours.)
[ Post Reply | Private Reply | To 12 | View Replies]

To: KoRn

As someone who has to USE. The crappy software to treat actual patients I hate the software we have. It’s horrible for the end user clinician, extremely unuser friendly. But our IT people like it. Great let THEM try and take of patients with the crap.

14 posted on 12/26/2012 9:35:43 AM PST by Kozak (The Republic is dead. I do not owe what we have any loyalty, wealth or sympathy.)
[ Post Reply | Private Reply | To 6 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794 is powered by software copyright 2000-2008 John Robinson