Imaging data is unprotected online: Five takeaways from ProPublica report

by John R. Fischer, Senior Reporter | September 20, 2019
Cyber Security Health IT

In the wrong hands, such information could be used to commit identity theft, to blackmail a person, or to demand a ransom. It could even be sold online to other users, thereby spreading a person’s private information to more parties and potentially increasing the risks or dangers they face in their personal, financial and work lives, among other areas.

“We promptly mitigated the potential vulnerabilities identified by ProPublica and immediately began an ongoing, thorough investigation,” MobilexUSA’s parent company said in a statement.


3. Know who is responsible for security

According to U.S. law, healthcare providers and business associates are responsible for ensuring that patient information is kept private. Identifying the specific person or group of individuals responsible for that task, however, is often complex and confusing.

For years, vendors designed medical imaging software under the assumption that patient data would be secured by the provider’s computer security systems, according to ProPublica. As hospital and medical center networks grew in complexity and became connected to the internet, this responsibility fell on network administrators who thought that protections were already in place.

ProPublica recently showed its findings to the Medical Imaging & Technology Alliance, which oversees the enforcement of the industry standard, DICOM, for communicating information through medical equipment software. MITA confirmed that hundreds of servers exist with an open connection to the internet, but asserted that people overseeing them are responsible.

“What we typically see in the health care industry is that there is Band-Aid upon Band-Aid applied” to legacy computer systems, said cybersecurity researcher Jackie Singh, adding that it is a “shared responsibility” among manufacturers, standards makers and hospitals to ensure computer servers are secure.


4. The sun has set on analog

Images can be uploaded to servers in seconds today and viewed by physicians on their computers. Many providers, however, have not fully transitioned their mindsets from the days of interpreting scans on analog films. This includes security, for which no protocols existed at that time.

While regulations such as HIPAA have helped to change this by requiring the implementation of precautions to prevent unauthorized access to information, ensuring providers follow them is a slow work-in-progress.


5. Enforce penalties and regulations
