Your Personal Health Data Is Not Safe
PC Magazine|September 2020
Electronic medical records are an incredible boon to healthcare.
NEIL J. RUBENKING
Your Personal Health Data Is Not Safe

When necessary, doctors can obtain important information such as your allergies, medical history, and known conditions, which can make all the difference in an emergency. But letting that information fall into the wrong hands could be a serious problem.

Regulations such as HIPAA aim to promote a super-high standard of security for personal medical information, with massive fines for failure. But a fine for security failure doesn’t necessarily create security success. Doctors and medical organizations rely on software vendors for secure systems, and as we’ve seen, software can be buggy. Worse, the medical organizations don’t have the knowledge to use the secure systems correctly and keep them disconnected from insecure systems.

Seth Fogie, Information Security Director for Penn Medicine, performed what he called an on-screen biopsy of healthcare security in the US for Black Hat attendees. It wasn’t pretty.

KNOWN PROBLEMS

As Foglie introduced himself, he noted that he had presented at Black Hat 16 years ago on the topic of Pocket PC security abuse. That seems dated today, but as he pointed out, Windows CE and other antiquated, insecure systems are still used in the healthcare industry.

“Patient records are being exploited and sold,” explained Foglie. “There is monetary value.”

This story is from the {{IssueName}} edition of {{MagazineName}}.

Start your 7-day Magzter GOLD free trial to access thousands of curated premium stories, and 9,000+ magazines and newspapers.

This story is from the {{IssueName}} edition of {{MagazineName}}.

Start your 7-day Magzter GOLD free trial to access thousands of curated premium stories, and 9,000+ magazines and newspapers.