Slashdot Mirror


Most Healthcare Managers Admit Their IT Systems Have Been Compromised

Lucas123 writes: Eighty-one percent of healthcare IT managers say their organizations have been compromised by at least one malware, botnet or other kind of cyber attack during the past two years, and only half of those managers feel that they are adequately prepared to prevent future attacks, according to a new survey by KPMG. The KPMG survey polled 223 CIOs, CTOs, chief security officers and chief compliance officers at healthcare providers and health plans, and found 65% indicated malware was the most frequently reported line of attack during the past 12 to 24 months. Additionally, those surveyed indicated the areas with the greatest vulnerabilities within their organization include external attackers (65%), sharing data with third parties (48%), employee breaches (35%), wireless computing (35%) and inadequate firewalls (27%). Top among reasons healthcare facilities are facing increased risk was the adoption of digital patient records and the automation of clinical systems.

1 of 122 comments

  1. No surprise - I work in the industry by cpm99352 · Score: 4, Informative

    Incompetence abounds in the health care industry:

    1. Legacy mainframe systems that have no data integrity - dates like 99/99/9999 are considered valid

    2. Legacy mainframe systems that have no data integrity - tabs present in names & addresses, so a tab-delimited extract then proves challenging

    3. IT Staff who refuse to block China and the -stans (despite having only US coverage), saying that it is not a complete solution.

    4. On the database side, passwords stored in cleartext. Surprisingly, this apparently isn't a violation of PCI rules.


    My advice? If you have a sensitive claim, pay cash and don't involve the insurance company. This is difficult, and may require you to use a different doctor when going this route. Bonus points if you can use fake ID. You would be absolutely astonished at where the claims data goes. Third parties get all sorts of data. HIPAA exclusions are enormous. If you think only your doctor knows about your embarrassing drug addiction/sexual disease/mental health problem you are grossly mistaken.