On Cyber Attacks
[By Bertran Mesko, MD PhD]
According to studies by PWC and the SANS Institute, 94% of healthcare organizations have been victims of a cyber-attack.
As we use more and more devices from smartphones to wearable sensors, our online privacy can have a very real impact on our health and well-being. When hacked, even simple wearables can yield private information about our vital signs and reveal personal health problems and insight into our habits (like when we regularly go running) that’s best kept from the public eye.
More threatening are the findings of security researchers who managed to prove that a deadly overdose of medication could be administered remotely via a vulnerability in certain insulin pumps.
HIT Dangers
Let’s see the dangers facing our health information, and a few easy tips you can use to boost your privacy levels quickly.
***
The dangers facing healthcare privacy
Assessment
Arxan recently surveyed trends and dangers threatening the privacy of healthcare data.
Conclusion
Your thoughts and comments on this ME-P are appreciated.
Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com
***
TheDarkOverlord’s extortion, which I discovered on Twitter three days ago, was no hoax after all.
“Cyber extortion gang hits again, striking ABC, clinics across U.S. – The cybercrime gang known as The Dark Overlord appears to operate from an English-speaking country, although details are murky.” By Tim Johnson for McClatchy News, June 12, 2017.
http://www.mcclatchydc.com/news/nation-world/national/article155732029.html
thedarkoverlord @tdohack3r: “La Quinta Center for Cosmetic Dentistry refused our kind offer, so here’s their 6.300 records”
The reporting of the tweet was intentionally delayed, I assume, to properly warn over 12,000 patients whose identities were posted on the internet. Perhaps the delay of reporting on publicly-available identities was prudent. If I were one of the thousands of dental patients whose identities are available I would certainly want to know about it before the word gets out.
But then again, immediately is probably not soon enough: “FTC finds thieves attempt to use stolen data within 9 min of breach” By Robert Abel for SC Media, May 26, 2017.
https://www.scmagazine.com/ftc-finds-data-breach-info-exploited-in-under-9-minutes/article/664540/
Neither is the 60 days HIPAA allows before providers must notify patients of a breach. Crime moves faster than HIPAA, and digital dental records have always been soft targets with huge payoff. Anyone interested in de-identification yet?
Damn, I miss Justin Shafer. The security expert who has been publicly thanked by Homeland Security on 8 occasions for reporting software vulnerabilities affecting hundreds of thousands of patients sits in jail. The world misses you, Justin.
D. Kellus Pruitt DDS
Cloud-based EHRs have become increasingly available as huge, rich targets for identity thieves.
“Microsoft Sounds Alarm on Weaponized Virtual Machines on the Cloud – Attackers are targeting cloud accounts, hoping to weaponize virtual machines and gain access to valuable information.” By Pedro Hernandez for eWeek, August 22, 2017
http://www.eweek.com/security/microsoft-sounds-alarm-on-weaponized-virtual-machines-on-the-cloud
Hernandez: “Microsoft has some bad news for businesses hoping to find a safe haven from cyber-attackers in the cloud. IT departments can now add weaponized virtual machines on the cloud to their ever-expanding list of cybersecurity concerns.”
Salespeople for Dentrix Ascend, Curve Dental and other cloud-based dental EHRs should probably stop promising better security than office-based software… which is also far less secure than paper dental records.
D. Kellus Pruitt DDS
Cybersecurity need not be expensive, or complicated
“Myth busted: A wait-and-see approach to cybersecurity is a terrible idea – While the costs tied to protection can be daunting, especially for small organizations, the costs only increase after an attack.” By Jessica Davis for Healthcare IT News, September 26, 2017.
http://www.healthcareitnews.com/news/myth-busted-wait-and-see-approach-cybersecurity-terrible-idea
Davis: “It should come as no shock that hackers have spent the last two years pummeling the healthcare industry with cyberattacks. In 2017, the healthcare sector has already reported 233 breaches and is on pace to exceed last year’s rate of one healthcare breach per day. For healthcare organizations that are already struggling with staffing shortages and tight budgets, there’s just too much to be done. And so they often undertake minimum requirements to reach HIPAA compliance and wait for an incident to react.”
De-identification anyone? Still too early?
De-identified health records have been the source of safe data for medical research even before computers, and unlike EHRs, the security of de-identification is improving daily. For example:
“New guide for de-identifying data – The Office of the Australian Information Commissioner (OAIC) has linked with the CSIRO’s Data61 to release a new guide to assist organisations dealing with private personal information to de-identify their data effectively.” PSN news.com (Australia), September 26, 2017.
http://www.psnews.com.au/aps/570/news/new-guide-for-de-identifying-data
If dental patients’ identities are unavailable, they simply cannot be stolen. What’s more, cybercriminals have no interest in stolen dental histories which cannot be re-identified – even if they wanted to.
Somebody go wake up the American Dental Association. Our hidden, secretive leadership is heading in the wrong direction. Full disk encryption is not happening as they promised, and at least one dental technology consultant has stopped promoting dental EHRs. (See: “9 questions to ask about EHR” By Lauren Krzyzostaniak for Dental Products Report, June 9, 2017)
http://www.dentalproductsreport.com/dental/article/9-questions-ask-about-ehr-0
D. Kellus Pruitt DDS
Florida officials,
Hack exposed 30K Medicaid patients’ files.
http://www.msn.com/en-us/news/us/florida-officials-hack-exposed-30k-medicaid-patients-files/ar-BBHVqcS?li=BBnbcA1
Ira