Healthcare and Technology news

Should the Sony Hack Have Hospitals Concerned? | Hospital EMR and EHR


If you haven’t heard the details of the Sony hack, then lucky you. It seems that coverage of the hack has been everywhere. Long story short, Sony wasn’t careful and the hackers got a lot of really private information like emails. It was embarrassing to the company in a variety of ways and the effects of it and them eventually pulling The Interview are going to be felt for a long time to come. In fact, some of the hack included Sony’s insurance records which included medical information.

Should hospitals be concerned by the hack of Sony? The hack itself shouldn’t be of particular concern, but it should be a stark reminder that anyone is vulnerable if the hackers want to hack you enough. Unfortunately, the game of privacy and security is a cat and mouse game of trying to make what you have so difficult to access that hackers choose other, simpler targets.

With that said, if Sony, Google, Target, etc. can be hacked, then anyone could be hacked. While it’s absolutely critical that you’re doing everything you can to make it hard for hackers to access your systems, it’s also important to make sure that you have proper breach procedures in place as well. How you handle a breach is going to be incredibly important for every organization.

While the Sony hack is going to cost them a lot of money, a breach in healthcare could incur some of the same embarrassment publicly, but there are also stiff HIPAA penalties for a breach. This could get very expensive for organizations that aren’t taking health IT security seriously. If you thought the coming MU penalties are bad, try to calculate in some major HIPAA fines and reduced patient load because patients no longer trust your organization. It will be devastating for organizations.

What is your organization doing to avoid breaches? Are you going beyond the HIPAA risk assessment?


Sony Hack Reveals Health Details on Employees and Their Children | The Health Care Blog


On top of everything else, the Sony data breach revealed employees’ sensitive health information:  Top Sony executives saw lists of named employees who had costly medical treatments and saw detailed psychiatric treatment records of one employee’s son.

Like last year’s revelation by AOL’s CEO, it shows US corporations look at employees’ health information and costs. By ‘outing’ the fact that 2 of AOL’s 5,000 employees had premature infants whose treatment cost over $1 million each, the CEO violated the employees’ rights to health information privacy.

Trusted relationships simply cannot exist if individuals have no right to decide who to let in and who to keep out of PII. Current US technology systems make it impossible for us to control personal health data, inside or outside of the healthcare system.

Do you trust your employer not to snoop in your personal health information?  How can you trust your employer without a ‘chain of custody’ for  your health data? There is no transparency or accountability for the sale or use of our health data, even though Congress gave us the right to obtain an “Accounting for Disclosures (A4D)” for disclosures of protected health data from EHRs in the 2009 stimulus bill (the regulations have yet to be written).  And we have no complete map that tracks the millions of places US citizens’ health data flows. See: TheDataMap.

There is no way to know who sees, sells, or snoops in our health data unless whistleblowers or hackers expose what’s going on.  Our personal, identifiable health data is in millions of data bases unknown and inaccessible to us.  Both the Bush and Obama Administrations support this privacy-destructive business model on the Internet and in the US health care system.

The US health data broker industry consists of over 100,000 health data suppliers covering 780,000 live daily health data feeds. 


Both Angela Merkel and Jennifer Lawrence spelled out the deep and persistent effects of violating personal boundaries:

Both spoke of the deep emotional pain and costs of betrayal, and of being unable to trust or feel safe following such serious boundary violations. Trust is truly impossible unless individuals can set boundaries. People, companies, and governments must respect and honor individuals’ rights to control access to personal information to be trusted. Violating boundaries destroys trust and relationships between people and between nations.

Sadly, even though the modern world’s concept of ‘privacy’ comes from our nation, from US Supreme Court Justice Louis D. Brandeis’ concept of privacy, and later in the computer age from Willis Ware’s concept of Fair Information Practices, the US has lost its way and is destroying both freedom and the right to be let alone.

Among the Western Democracies, has the United States become the world’s most intrusive surveillance state?

Do we have control over any information about ourselves?  Or is every bit or byte of data about us collected, held, and sold by millions of hidden data bases?


Medical records exposed in massive Sony hack | Healthcare IT News


Sony last week notified employees that their medical data and Social Security numbers were swiped in a cyberattack, a breach that has prompted privacy advocates to reaffirm the need to implement further data safeguards.

Sony Pictures Entertainment on Dec. 8 sent letters to 34 Sony employees and their dependents, notifying them that their protected health information, medical diagnoses, Social Security numbers, credit card information, passwords, compensation, passport numbers and other personally identifiable information had been stolen in a "brazen cyberattack." Medical information on employees included conditions such as alcohol-induced liver cirrhosis, kidney failure and cancer, according to a Bloomberg report.

Sony officials did not respond for comment by publication time. 

The attack, which transpired Nov. 24 at Sony's Culver City, Calif.-based office, caused a "significant system disruption," Sony Pictures officials wrote in the notification letter. 

U.S. government officials with information on the ongoing investigation into the hacking have said they are "fairly confident" North Korea was responsible for the cyberattack.

The incident has prompted privacy advocates to speak out on the need to implement added safeguards to protect data in the digital age. 

Deborah Peel, MD, founder of Patient Privacy Rights, a non-profit health privacy advocacy group, was chief among them to weigh in.

"This stuff will haunt all those people the rest of their lives. Once it's up on the Internet it is up in perpetuity," Peel told Bloomberg. "This is a thousand times worse than that other stuff," she said, referring to salary information and personal e-mails. "Health information is the most sensitive information about you."

The worst part about this breach, as Peel pointed out in her blog response to the Sony breach? "The greatest damage caused by the lack of control over (personally identifiable information) is the loss of trust – trusted relationships between people, companies and governments are impossible without personal control over PII."

Peel cited what transpired earlier this year with AOL after CEO Tim Armstrong revealed healthcare details about two employees to explain why the company opted to cut certain health benefits. 

What this showed? Employers do look at their employees' personal health information, said Peel. "Trusted relationships simply cannot exist if individuals have no right to decide who to let in and who to keep out of PII," she added. "Current U.S. technology systems make it impossible for us to control personal health data, inside or outside of the healthcare system."

There have already been a significant number of hacking-related health data breaches just in the last few months. 

Just in November, for instance, the Dallas-based Onsite Health Diagnostics, a medical testing and screening company that contracts with the state of Tennessee's wellness plan, notified more than 60,000 people that their protected health information was accessed and stored by an "unknown source," for a period of three months back in April. What's more, it took officials some four months to notify those individuals affected.

In August, in the second biggest HIPAA breach ever reported, the Franklin, Tenn.-based Community Health Systems notified 4.5 million of its patients that their personal information was stolen by cybercriminals who reportedly exploited the Heartbleed vulnerability.

To date, nearly 42 million individuals have had their protected health information compromised in reportable HIPAA privacy and security breaches, according to data from the Department of Health and Human Services. Some nine percent of those are hacking-related breaches.


'Wiper' Malware: What You Need to Know


The FBI has reportedly issued an emergency "flash alert" to businesses, warning that it's recently seen a destructive "wiper" malware attack launched against a U.S. business.

Security experts say the FBI alert marks the first time that dangerous "wiper" malware has been used in an attack against a business in the U.S., and many say the warning appears to be tied to the Nov. 24 hack of Sony, by a group calling itself the Guardians of Peace.

Large-scale wiper attacks are quite rare, because most malware attacks are driven by cybercrime, with criminals gunning not to delete data, but rather to quietly steal it, and for as long as possible, says Roel Schouwenberg, a security researcher at anti-virus firm Kaspersky Lab. "Simply wiping all data is a level of escalation from which there is no recovery."

Many Sony hack commentators have focused on the fact that previous wiper attacks have been attributed to North Korea, and that the FBI alert says that some components used in this attack were developed using Korean-language tools.

But Schouwenberg advocates skepticism, saying organizations and IT professionals should focus their energies on risk management. "We are much better off trying to understand the attack better, and maybe use this incident as an opportunity for businesses everywhere to basically re-evaluate their current security strategy, which probably isn't quite tailored to this type of scenario and say: 'Hey, this is where I can improve my posture,'" he says. "So we should be focusing on that technical aspect, rather than on the potential motivations of the attackers."

In this interview with Information Security Media Group, Schouwenberg details:

  • The relative ease with which wiper malware attacks can be crafted;
  • Steps businesses can take to improve their security defenses against wiper malware;
  • The importance of whitelisting applications - meaning that only approved applications are allowed to run on a PC, while all others are blocked.
