Showing posts with label medical. Show all posts
Showing posts with label medical. Show all posts

QOTD e-Records & Malware

So the malware sits on the doctors laptop, waits for him to log in ... and the malware is reading the data at the same time the doctor is. They [hackers] did not need to log in on your behalf. They did not need to crack passwords. They did not need to go to the hard drive and decrypt the data. They sat in the middle of the application. -- Dr. Taher Elgamal, CSO at Axway, was key in the development of SSL at Netscape
Src: As health data goes digital, security risks grow - BusinessWeek
Posted by DrInfoSec on 3/22/2010 0 comments
Labels: ,

Warner Touts E-Medical Data Despite Hacker Attack

One of the keys is how we ensure security and privacy. Just as we see that in financial records you can never get 100 percent protection, we have a very efficiently functioning system around financial records (and) around other critical information. -- US Senator Mark Warner
The recent news about a hacker gaining access to the State of Virginia's Prescription Monitoring Program highlights the differences, not the similarities, between the financial system and the health care system. In the financial system, money has no intrinsic value as all dollar bills are dollar bills; if your account is compromised and you are not the culprit, your account's balance will be restored in time.

In the case of electronic medical records, the records contain a detailed report of your health history, your prescription history, and possibly your mental health history. Health care data has intrinsic value; once stolen, that information can not only be used to commit prescription fraud and medical procedure reimbursement fraud, but long-term, it can be used to take advantage of you and those around you.

The article goes on to say that "frustrated lawmakers wanted to know why a firewall put in place by the Virginia Information Technologies Agency and its contractors didn't foil the attack." This statement illustrates how little the average lawmaker knows about the current level of threats to electronic data. Unfortunately, while your credit card can be closed and a new number re-issued, your health care records cannot.

Src: Warner Touts E-Medical Data Despite Hacker Attack | NYTimes.com
Posted by DrInfoSec on 5/19/2009 1 comments
Labels: , , ,
Subscribe to: Posts (Atom)