Cybersecurity

By Dennis Tribble posted 06-07-2018 09:25

  
Yesterday I received a link to the HITRUST Alliance with a report on cyber security issues in healthcare. In talking with a colleague in the cyber security space, he described the report as "fundamentally sound, if a bit sensationalized". I would therefore recommend it to your reading.

The principal concern of the report appears to revolve around systems and devices that are visible to the web, and should not be. Having said that, the report contains some nuggets about cyber security of which many of us may be unaware:
  • Use of unprotected data storage devices - this is not new to me but may be to you. Plugging an unprotected thumb drive into a company computer has led to a number of problems in my personal experience. 
  • Hacked medical devices - another vector that has been demonstrated is the purchase of devices, hacking their internals, and then placing them into use in a healthcare environment. How are your internal controls for allowing devices access to your WiFi or hard-wired network?
  • Network infrastructure configuration changes that expose your hospital network directly to the web. 
  • Poorly controlled third-party applications, whether hosted by a vendor or hosted from the web, that could provide a gateway to your internal network.
  • Web posting of images of software screens that contain ePHI.
  • Downloading malicious apps.
My goal here is not to create panic, but to inform. I suggest giving this report a good read and having appropriate discussions with your supply chain partners as well as internal IT resources. I also suggest taking a long look at any departmental procedures that involve the transfer of files with a thumb drive or other removable media.

I would be very surprised to learn that your IT organization isn't very concerned about cyber security. I would be even more surprised if they were not willing to help you evaluate your practices.

The sad reality appears to be that we live in an unfriendly world. We have to continue to perform our professional duties; we just probably need to be more careful than we may have been.

Dennis A. Tribble, Pharm.D., FASHP
Ormond Beach, FL
DATdoc@aol.com

The opinions expressed herein are my own, and not necessarily those of my employer or of ASHP.