Written by: Anupam Sahai, Vice President, Product Management, Cavirin
Time to perk your ears up! If you haven’t been paying attention, the healthcare industry, whether you’re ready to admit it or not, is in the midst of an IT crisis. With an ever-increasing influx of security threats looming, healthcare IT leaders, now more than ever, need to embrace the power of change to transform how doctors, nurses, staff and patients consume IT. This was just one of the key themes presented back in March at the HIMSS18 conference in Las Vegas.
Threats are coming in from several fronts. Here are a few reasons why many CIOs and CTOs are finding it hard to get a good night’s sleep:
The fallacy of thinking compliance = a strong security posture
Some organizations think that abiding by regulations such as HIPAA makes them safe, but this has been proven to be incorrect. Let’s take a real public example. In February 2015, Anthem disclosed that criminal hackers had broken into its servers and had potentially stolen more than 37.5 million records that contained personally identifiable information. Twenty days later, Anthem raised the number to 78.8 million records. According to Anthem, the data breach extended into multiple brands that Anthem uses to market its healthcare plans, including Anthem Blue Cross and Blue Shield, Amerigroup, Caremore, and UniCare. The breach occurred even though Anthem was HIPAA compliant: compliance with a regulation sets a baseline, not a guarantee against a determined attacker.
Vulnerable legacy equipment
For decades, manufacturers like Siemens, Bosch, Honeywell and others have built embedded systems that run on operating systems from the Stone Age: unpatched, insecure and vulnerable. Siemens medical scanners are one example. Attackers could exploit trivial flaws in these network-connected devices to run arbitrary malicious code on the equipment. These remotely accessible vulnerabilities lurked in all Siemens positron emission tomography (PET) and computed tomography (CT) scanners running Microsoft Windows 7.