Clean Sweep Live Auction on Wed. February 27th. Click to view the full inventory

DOTmed Home MRI Oncology Ultrasound Molecular Imaging X-Ray Cardiology Health IT Business Affairs
News Home Parts & Service Operating Room CT Women's Health Proton Therapy Endoscopy HTMs Mobile Imaging
Current Location:
> This Story

Log in or Register to rate this News Story
Forward Printable StoryPrint Comment




Health IT Homepage

AI and personalized medicine to raise the bar in radiology reporting New innovations could provide myriad benefits to clinical workflow

The exam room of the future: Nuance unveils AI-based clinical documentation product at HIMSS Improving patient experience and freeing up physicians

HIMSS Analytics releases new model to help adopt enterprise imaging Eight-stage DIAM model helps organizations track their progress

Bitfury teams with MDW and Longenesis to create blockchain ecosystem for medical imaging Uphold, distribute and safeguard medical and diagnostic imaging

Hologic launches Unifi Analytics to curb mammo downtime Predicting tube failures before they happen and setting performance benchmarks

My observations from the HIMSS meeting The Jacobus Report

Health IT Product Showcase A few of the new solutions improving hospital workflow

Imaging IT market insights The analysts at MD Buyline provide tips for navigating the market

Moffitt Cancer Center secures radiology machines by ditching anti-virus software Speeding up software without compromising cybersecurity

Siemens focuses on digitalization at HIMSS Its expanded digital service portfolio will be on display


Compliance does not equal IT security: HIMSS

by John W. Mitchell , Senior Correspondent
In a talk that sometimes wandered into technical language, two data security experts ultimately imparted a simple message: hackers have nothing but time to spot and exploit complacency in hospital security measures.

“Electronic health records security relies on discipline and repeatable processes,” Mac McMillan, CEO at Cynergis Tek told the large audience. He stressed that HIPAA rules to keep hospitals compliant with ensuring patient privacy and protection of health records have not kept up since enacted in 1996. Meanwhile, hackers have evolved very quickly in recent years.

Story Continues Below Advertisement

New & Refurbished C-Arm Systems. Call 702.384.0085 Today!

KenQuest provides all major brands of surgical c-arms (new and refurbished) and carries a large inventory for purchase or rent. With over 20 years in the medical equipment business we can help you fulfill your equipment needs

“These attacks cost millions and affect patient care,” McMillan said, citing recent cases of ransomware in which hospitals had to pay hackers to get control back over electronic records and systems. “Many hospitals that have been in the news recently were compliant and had one certification or another to prove it, but were still breached,” he added.

Co-presenter Jay Adams, Director of Information Security at Tallahassee Memorial Health System (TMHS), said no hospital IT manager can watch everything.

”Large hospitals create up to 1.6 million data logs a week,” he said. He stressed that automated systems should be in place to monitor and track movement both in and out of a health care system. Both McMillan and Adams emphasized that people are always the weakest link in IT security. They urged hospitals to adopt ongoing training to educate their employees and medical staff about hackers.

At TMHS, Adams conducts quarterly “fishing drills” in which he sends out emails to entice employees to click on a link or attachment that is configured to resemble malware or other common hacker strategies. When he first started this training, he got nearly a 12 percent success rate in getting staff to launch such simulated attacks.

“Email is a big threat,” Adams stressed. He told HCB News that in order to reduce hacker access through imaging files, they adopted a system 18 months ago that only allows physicians to view image but not move files outside the hospital data system. This “glass pane” measure allows the physicians everything they need to do to manipulate an image, but keeps the door closed to hackers.

Other key points of the presentation included:

Vendor software is often not as secure as it should be. Do not do business with any vendor who claims that installing anti-virus software will impede the performance of their software.

Speedy incident response to a detected data breech is key to minimizing damage. C-Suite leaders should be trained about these threats with a readiness plan to know how they must respond in the event of a known attack.

Encrypting, which scrambles data to hackers, should be used wherever possible. There was discussion about the need for encryption in emails, especially in transferring copies of records to patients, as well as sharing health records in population health management.

All data moving around and out of any electronic health record system should be continuously monitored, and anomalies immediately tagged and investigated.

Some 98 percent of all breech events occur from a known security threat that is at least a year old. About 50 percent of such attacks are rooted in threats that were known by the hospital for at least five years.

Health IT Homepage

You Must Be Logged In To Post A Comment

Increase Your
Brand Awareness
Auctions + Private Sales
Get The
Best Price
Buy Equipment/Parts
Find The
Lowest Price
Daily News
Read The
Latest News
Browse All
DOTmed Users
Ethics on DOTmed
View Our
Ethics Program
Gold Parts Vendor Program
Receive PH
Gold Service Dealer Program
Receive RFP/PS
Healthcare Providers
See all
HCP Tools
A Job
Parts Hunter +EasyPay
Get Parts
Recently Certified
View Recently
Certified Users
Recently Rated
View Recently
Certified Users
Rental Central
Rent Equipment
For Less
Sell Equipment/Parts
Get The
Most Money
Service Technicians Forum
Find Help
And Advice
Simple RFP
Get Equipment
Virtual Trade Show
Find Service
For Equipment
Access and use of this site is subject to the terms and conditions of our LEGAL NOTICE & PRIVACY NOTICE
Property of and Proprietary to DOTmed.com, Inc. Copyright ©2001-2019 DOTmed.com, Inc.