Compliance does not equal IT security: HIMSS

by John W. Mitchell, Senior Correspondent
In a talk that sometimes wandered into technical language, two data security experts ultimately imparted a simple message: hackers have nothing but time to spot and exploit complacency in hospital security measures.

“Electronic health records security relies on discipline and repeatable processes,” Mac McMillan, CEO at CynergisTek, told the large audience. He stressed that the HIPAA rules, which hospitals follow to stay compliant on patient privacy and the protection of health records, have not kept up since they were enacted in 1996. Meanwhile, hackers have evolved very quickly in recent years.

“These attacks cost millions and affect patient care,” McMillan said, citing recent cases of ransomware in which hospitals had to pay hackers to get control back over electronic records and systems. “Many hospitals that have been in the news recently were compliant and had one certification or another to prove it, but were still breached,” he added.

Co-presenter Jay Adams, Director of Information Security at Tallahassee Memorial Health System (TMHS), said no hospital IT manager can watch everything.

“Large hospitals create up to 1.6 million data logs a week,” he said. He stressed that automated systems should be in place to monitor and track movement both in and out of a health care system. Both McMillan and Adams emphasized that people are always the weakest link in IT security. They urged hospitals to adopt ongoing training to educate their employees and medical staff about hackers.

At TMHS, Adams conducts quarterly “phishing drills” in which he sends out emails to entice employees to click on a link or attachment that is configured to resemble malware or other common hacker strategies. When he first started this training, he got nearly a 12 percent success rate in getting staff to launch such simulated attacks.

“Email is a big threat,” Adams stressed. He told HCB News that in order to reduce hacker access through imaging files, they adopted a system 18 months ago that only allows physicians to view images but not move files outside the hospital data system. This “glass pane” measure lets physicians do everything they need to manipulate an image, but keeps the door closed to hackers.

Other key points of the presentation included:

Vendor software is often not as secure as it should be. Do not do business with any vendor who claims that installing anti-virus software will impede the performance of their software.

Speedy incident response to a detected data breach is key to minimizing damage. C-suite leaders should be trained on these threats and have a readiness plan so they know how they must respond in the event of a known attack.

Encryption, which scrambles data so that it is unreadable to hackers, should be used wherever possible. There was discussion about the need for encryption in emails, especially in transferring copies of records to patients, as well as in sharing health records for population health management.

All data moving around and out of any electronic health record system should be continuously monitored, and anomalies immediately tagged and investigated.

Some 98 percent of all breach events stem from a known security threat that is at least a year old. About 50 percent of such attacks are rooted in threats that were known by the hospital for at least five years.
