February 18, 2006
Very Sad News
Written by: John
There was a recent news article that described how an emergency room was shut down because of someone’s attempt to make a little cash. He basically had a little army of robots that would traverse the internet looking for vulnerable computers that he could exploit. This technique isn’t anything new and so we should be used to it. However, it is sad when people put other people’s lives at risk because they want to make a buck. There’s really no excuse for it. Unfortunately I don’t think prison is even going to solve the problem. Although I do hope that he is convicted of whatever is possible.
More importantly, why wasn’t the hospital better prepared for this? Regularly patching Windows, anti-virus and adware programs can protect you from most of these attacks. This should give us all a little more interest in making sure our updating and scanning policies are good. My guess is that even the most basic HIPAA compliance should have protected this hospital from attack.
Thankfully no one was hurt in this story. It will be a very sad day when this is not the case.
The sad part is that critical hospital systems were made publicly accessible. Reality is that there is malicious software in use and constantly being created, and that’s been a given for many years already. Forget the kid who works at Walmart – the one who put people’s lives at risk was the person who actually knew better and was responsible for their systems architecture, who then decided a properly configured firewall wasn’t necessary.
I disagree that we need to forget the kid at Walmart. He’s responsible for his actions. I do agree that the system architect that left their health systems open is responsible too. These policies are nothing new.
One other person we could possibly throw under the bus is the hospital administrators who wouldn’t fund the firewall. A systems architect can only do so much for a hospital without the money to pay for good HIPAA security.
I am currently trying to implement an EMR system in a small practice. I am trying to convince the parties involved that it is necessary to transition to a domain-controlled network for security reasons even though this type of network is not required for our EMR system or its server. My understanding of HIPAA is that simply having a firewall does not qualify as a “secured network”. Am I right on this?