U.S. Hospitals’ Computer Security Stinks

A recent Ponemon Institute study surveying 80 healthcare organizations in the U.S. found that healthcare providers don’t properly secure their health records or electronic medical devices. The survey “found that 75% don’t secure medical devices containing sensitive patient data, while 94% have leaked data in the last two years (mostly due to staff negligence).”

This finding indicates two things: 1. healthcare organizations have missed the boat on computer and Internet security; and 2. the Health Insurance Portability and Accountability Act (HIPAA) of 1996, which, among other things, requires healthcare patient data to be secured, is not being obeyed.

By the way, HIPAA carries penalties of imprisonment for leaders of organizations who break this law. That having been said, I don’t know of any great number of hospital administrators who’ve been sent to jail. However, the list of hospitals the Ponemon Institute surveyed is a starting place to build cases against the organizations that leaked patient data…duh!

It appears that the healthcare industry, like many others, feels it can’t be bothered with bureaucratic red-tape laws that make it more expensive and take longer to care for patients…the reason they’re in healthcare in the first place. I’m sure you’ve seen your physician’s nurse use the doctor’s account and password on patient record systems because he/she doesn’t want to be bothered with the computer and its security.

Cyber criminals love this type of environment to cast their phishing nets. They lure a nurse or other clerical assistant, with the physician’s access authority, to open a bogus email and click on a link that will lead to—yes, you guessed it—a malicious Internet website that will inject malware onto the medical worker’s computer and get access to the organization’s patient database, networked medical devices, and anything else they may find of interest to them.

What can you do to avoid your healthcare records and personal information ending up in the hands of cyber crooks? Not much. But you can ask your healthcare provider to explain how your medical records are stored, protected, and in compliance with HIPAA. Show them this article and the references linked here to educate them. Then, if they can’t or won’t answer your questions, perhaps you should find one that does know how and why HIPAA requires your medical records to be protected.

Reference: Study on Patient Privacy & Data Security

Naked Security.com article

Be very careful…it’s dangerous out there.

I hope you enjoyed this article; and if you’d like to receive an email when a new article is posted, please sign up for an email subscription on my home page. Don’t worry…I won’t give your email address to anyone…No One; I hate spam too. Please share my blog with your friends and family. I’m also on Twitter @PaulsInternet.

Paul

Images courtesy of FreeDigitalPhotos.net and FreeByte.com


2 responses to “U.S. Hospitals’ Computer Security Stinks”

  1. Great! Your way to explain the content about security is very impressive. Everyone can easily understand but I think hackers are going smarter with every passing day. They can easily harm your computer and steal your data. So it is necessary to users to think about their data security concern on both internet and personal end. It would be very nice if you brief us to personal data security. Well I found something interesting about data security over internet: http://www.protegent360.com/
