New Report Shows Healthcare IT Security is On Wobbly Legs
Cryptocurrency enthusiasts will recall the story of several hospitals being infected with Bitcoin ransomware earlier this year. A new study on how hospitals treat patient privacy and confidentiality shows how malware attacks are not the biggest concern. Poor security practices can be found everywhere, putting patient information at risk unnecessarily.
The report, titled Workarounds to Computer Access in Healthcare Organizations, paints a very worrisome picture. Technology makes the healthcare system more convenient for all parties involved, but human errors are causing a lot of problems. Prescribing the wrong medication n because the physicist is looking at the file of a previous patient, for example, are not that uncommon.
Technology Is Difficult To Handle
Although human error is easy to blame, it is not the only culprit, unfortunately. Lackluster IT infrastructure is a pain in the neck to deal with. Computer access workarounds are far too common in the healthcare industry. If staff can bypass most security measures so can outside attackers.
The Bitcoin ransomware attack against the Hollywood Presbyterian Medical Center is just one example of these weak defenses. Locking down the institution’s computer system was far easier than anticipated. One of the staffers downloaded a malicious file which compromised the entire network. As a result, the hospital had to pay 40 Bitcoin to restore data access.
Staffers Are Careless With Security
It is evident for everyone to see the majority of security threats come from within the healthcare industry itself. Passwords are annoying, even though they provide marginals security. Easy to guess password combinations can put patient records at risk. Moreover, when passwords expire and need to be reset, the process takes longer than it should.
“We find users write down passwords everywhere. Sticky notes form sticky stalagmites on medical devices and in medication preparation rooms… One vendor even distributed stickers touting “to write your username and password and post on your computer monitor.”
There is a clear issue between the human element and technological advancements. Bridging this gap is going to take time and money, neither of which can be found in abundance when somebody’s life is at stake. But if things do not improve, future attacks against healthcare institutions are not unlikely.
What are your thoughts on the findings in this report? Let us know in the comments below!
Images courtesy of Shutterstock, 123rf