by
John R. Fischer, Senior Reporter | September 20, 2019
In the wrong hands, such information could be used to commit identity theft, to blackmail a person, or to commit ransom. It could even be sold online to other users, thereby spreading a person’s private information to more parties and potentially increasing the risks or dangers they face in their personal, financial and work lives, and other ways.
“We promptly mitigated the potential vulnerabilities identified by ProPublica and immediately began an ongoing, thorough investigation,” MobilexUSA’s parent company said in a statement.
Ad Statistics
Times Displayed: 9012
Times Visited: 50 Ampronix, a Top Master Distributor for Sony Medical, provides Sales, Service & Exchanges for Sony Surgical Displays, Printers, & More. Rely on Us for Expert Support Tailored to Your Needs. Email info@ampronix.com or Call 949-273-8000 for Premier Pricing.
3.
Know who is responsible for security
According to U.S. law, healthcare providers and business associates are responsible for ensuring that patient information is kept private. Identifying the specific person or group of individuals responsible for such a task, however, is an often complex and confusing task.
For years, vendors designed medical imaging software under the assumption that patient data would be secured by the provider’s computer security systems, according to ProPublica. As hospital and medical center networks grew in complexity and became connected to the internet, this responsibility fell on network administrators who thought that protections were already in place.
ProPublica recently showed its findings to the Medical Imaging & Technology Alliance, which oversees the enforcement of the industry standard, DICOM, for communicating information through medical equipment software. MITA confirmed that hundreds of servers exist with an open connection to the internet, but asserted that people overseeing them are responsible.
“What we typically see in the health care industry is that there is Band-Aid upon Band-Aid applied” to legacy computer systems, said cybersecurity researcher Jackie Singh, adding that it is a “shared responsibility” among manufacturers, standards makers and hospitals to ensure computer servers are secure.
4.
The sun has set on analog
Images can be uploaded to servers in seconds today and viewed by physicians on their computers. Many providers, however, have not fully transitioned their mindsets from their days of interpreting scans on analog films. This includes security, for which no protocols existed during this time.
While regulations such as HIPAA have helped to change this by requiring the implementation of precautions to prevent unauthorized access to information, ensuring providers follow them is a slow work-in-progress.
5.
Enforce penalties and regulations