Health-care sector vulnerable to hackers, researchers say

From the Wall Street Journal article by Robert O’Harrow Jr. titled Health-care sector vulnerable to hackers, researchers say

“As the health-care industry rushed onto the Internet in search of efficiencies and improved care in recent years, it has exposed a wide array of vulnerable hospital computers and medical devices to hacking, according to documents and interviews.

Security researchers warn that intruders could exploit known gaps to steal patients’ records for use in identity theft schemes and even launch disruptive attacks that could shut down critical hospital systems.

A year-long examination of cybersecurity by The Washington Post has found that health care is among the most vulnerable industries in the country, in part because it lags behind in addressing known problems.

“I have never seen an industry with more gaping security holes,” said Avi Rubin, a computer scientist and technical director of the Information Security Institute at Johns Hopkins University. “If our financial industry regarded security the way the health-care sector does, I would stuff my cash in a mattress under my bed.””

Equipment losses still plague VA: GAO report — by Joseph Conn

This is powerful story because the expert quoted points out that most organizations do not bother to account for lost or stolen equipment that costs less than $2,000. That means laptops and PDAs. Worse—these organizations have NO IDEA whose data was even on the mobile devices, so they cannot notify anyone! Makes you feel REALLY safe.

This should be highly relevant to Congress–as it drafts requirements for encrypting data and breach notification.

View Full Article