Compliance does not equal IT security: HIMSS

by John W. Mitchell, Senior Correspondent
In a talk that sometimes wandered into technical language, two data security experts ultimately imparted a simple message: hackers have nothing but time to spot and exploit complacency in hospital security measures.

“Electronic health records security relies on discipline and repeatable processes,” Mac McMillan, CEO at CynergisTek, told the large audience. He stressed that HIPAA rules, which are meant to keep hospitals compliant in ensuring patient privacy and the protection of health records, have not kept up since they were enacted in 1996. Meanwhile, hackers have evolved very quickly in recent years.

“These attacks cost millions and affect patient care,” McMillan said, citing recent cases of ransomware in which hospitals had to pay hackers to get control back over electronic records and systems. “Many hospitals that have been in the news recently were compliant and had one certification or another to prove it, but were still breached,” he added.

Co-presenter Jay Adams, Director of Information Security at Tallahassee Memorial Health System (TMHS), said no hospital IT manager can watch everything.

“Large hospitals create up to 1.6 million data logs a week,” he said. He stressed that automated systems should be in place to monitor and track movement both in and out of a health care system. Both McMillan and Adams emphasized that people are always the weakest link in IT security. They urged hospitals to adopt ongoing training to educate their employees and medical staff about hackers.

At TMHS, Adams conducts quarterly “phishing drills” in which he sends out emails to entice employees to click on a link or attachment that is configured to resemble malware or other common hacker strategies. When he first started this training, he got nearly a 12 percent success rate in getting staff to launch such simulated attacks.

“Email is a big threat,” Adams stressed. He told HCB News that in order to reduce hacker access through imaging files, they adopted a system 18 months ago that only allows physicians to view images but not move files outside the hospital data system. This “glass pane” measure gives physicians everything they need to manipulate an image, but keeps the door closed to hackers.

Other key points of the presentation included:

Vendor software is often not as secure as it should be. Do not do business with any vendor who claims that installing anti-virus software will impede the performance of their software.

Speedy incident response to a detected data breach is key to minimizing damage. C-suite leaders should be trained on these threats and have a readiness plan so they know how they must respond in the event of a known attack.

Encryption, which makes data unreadable to hackers, should be used wherever possible. There was discussion about the need for encryption in emails, especially in transferring copies of records to patients, as well as sharing health records in population health management.

All data moving around and out of any electronic health record system should be continuously monitored, and anomalies immediately tagged and investigated.

Some 98 percent of all breach events occur from a known security threat that is at least a year old. About 50 percent of such attacks are rooted in threats that were known by the hospital for at least five years.

Property of and Proprietary to DOTmed.com, Inc. Copyright ©2001-2019 DOTmed.com, Inc.