When necessary, doctors can obtain important information such as your allergies, medical history, and known conditions, which can make all the difference in an emergency. But letting that information fall into the wrong hands could be a serious problem.
Regulations such as HIPAA aim to promote a super-high standard of security for personal medical information, with massive fines for failure. But a fine for security failure doesn’t necessarily create security success. Doctors and medical organizations rely on software vendors for secure systems, and as we’ve seen, software can be buggy. Worse, the medical organizations don’t have the knowledge to use the secure systems correctly and keep them disconnected from insecure systems.
Seth Fogie, Information Security Director for Penn Medicine, performed what he called an on-screen biopsy of healthcare security in the US for Black Hat attendees. It wasn’t pretty.
As Fogie introduced himself, he noted that he had presented at Black Hat 16 years ago on the topic of Pocket PC security abuse. That seems dated today, but as he pointed out, Windows CE and other antiquated, insecure systems are still used in the healthcare industry.
“Patient records are being exploited and sold,” explained Fogie. “There is monetary value.”