Over the holidays the Washington Post published a lengthy investigation into healthcare data security and found it full of gaping holes.
The two biggest conclusions of the article were:
- There is a culture among healthcare professionals that eschews security, one where healthcare workers “sidestep basic security measures, such as passwords, in favor of convenience.”
- Medical devices, such as defribulators and insulin pumps, are vulnerable to hacking.
The best description of healthcare data security? “I have never seen an industry with more gaping security holes,” Avi Rubin, technical director of the Information Security Institute at Johns Hopkins University, told the Post. “If our financial industry regarded security the way the health-care sector does, I would stuff my cash in a mattress under my bed.”
Healthcare Professionals’ Laxity
During Rubin’s research, he found “that doctors and medical workers used the same computers to connect to both the Internet and internal networks,” a big security no-no that provides “a pipeline for attackers into the sensitive networks.”
In one extreme case, Rubin interviewed a nurse who admitted part of her duties included “typing in a physician’s password constantly so that the doctor would not have to, leaving the unattended machine unprotected.”
Medical Devices Vulnerable
The Post article made a point to mention that as more and more medical devices are computerized, the risk for hacking grows. However the Post was unable to find any documented cases of hacking of devices, only anecdotes.
The risk has long been known. Recent IT security magazine SC wrote at length about security holes in healthcare electronic devices, such as radiology systems, which though are connected to a hospital’s network, do not have the same security as other systems.
This equipment is not subject to the same security management requirements as other patient systems because of different regulations, says Barbara Filkins, a security consultant specializing in health care. Another article in SC Magazine extrapolated the frightening possibilities of insecure medical devices.
But What About the Revenue Cycle?
The Post article did not mention security risks by healthcare’s revenue cycle systems. The article takes great pains to point out that most hackers focus on those systems that provide access to money. But the investigation did not uncover any unusual hacking of healthcare business office systems — where the money is.
Read it? Love it? Want more of it? Make sure you register on insidePatientFinance.com today for the weekly Patient Finance insider and you won’t miss the ongoing great content from our site!
![[Image by creator from ]](/media/images/2015-04-cpf-report-training-key-component-of-s.max-80x80_F7Jisej.png)
![Report cover reads One Conversation Multiple Channels AI-powered Multichannel Outreach from Skit.ai [Image by creator from ]](/media/images/Skit.ai_Landing_Page__Whitepaper_.max-80x80.png)
![[Image by creator from ]](/media/images/paper-collections_triggers_1_1.max-80x80.png){kind=small}
![Report cover reads Bad Debt Rising New ebook Finvi [Image by creator from ]](/media/images/Finvi_Bad_Debt_Rising_WP.max-80x80.png)
![Report cover reads Seizing the Opportunity in Uncertain Times: The Third-Party Collections Industry in 2023 by TransUnion, prepared by datos insights [Image by creator from ]](/media/images/TU_Survey_Report_12-23_Cover.max-80x80.png)
![[Image by creator from ]](/media/images/Skit_Banner_.max-80x80.jpg)
![Whitepaper cover reads: Navigating Collections Licensing: How to Reduce Financial, Legal, and Regulatory Exposure w/ Cornerstone company logo [Image by creator from ]](/media/images/Navigating_Collections_Licensing_How_to_Reduce.max-80x80.png)
![Whitepaper cover text reads: A New Kind of Collections Strategy: Empowering Lenders Amid a Shifting Economic Landscape [Image by creator from ]](/media/images/January_White_Paper_Cover_7-23.max-80x80.png)
![Webinar graphic reads Help Wanted: Predictive, Collaborative and Intelligent Contact Data April 25 at 3pm et by TransUnion [Image by creator from ]](/media/images/Landing_Page_2_KAmAKW1.max-80x80.png){kind=small}
![Webinar graphic reads Multi-Channel AI: Improve Contacts & Increase Revenue Compliantly April 4 at 2pm et [Image by creator from ]](/media/images/Skit.ai_InsideARM_Landing_Page_1200x627.max-80x80.png){kind=small}
![Streamline Your Collections Process with Voice AI [Image by creator from ]](/media/images/Streamline_Your_Collections_Process_with_Voice.max-80x80.png){kind=small}
![How to Connect with Today’s Digital Consumer [Image by creator Editor from insideARM]](/media/images/finvi_webinar_thumbnail.max-80x80.png){kind=small}
![Customizable or Configurable? Webinar [Image by creator Editor from insideARM]](/media/images/Landing_Page_2.max-80x80.png){kind=small}
![How to Launch an Omnichannel Collection Strategy [Image by creator Neustar from insideARM]](/media/images/omnichannel-webinar.max-80x80.png){kind=small}
![Breaking Down the CFPB's Opinion on Convenience Fees [Image by creator Editor from insideARM]](/media/images/2022-11-convieniance-fees-webinar.max-80x80.png){kind=small}
![Overcoming Communication Barriers to Reach Your Accounts [Image by creator Editor from insideARM]](/media/images/neustar-overcoming-communications-barriers-thu.max-80x80.png){kind=small}