By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: “How to Hack Healthcare” hosted by HIMSS
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > Technology > Medical Innovations > “How to Hack Healthcare” hosted by HIMSS
Medical InnovationsTechnology

“How to Hack Healthcare” hosted by HIMSS

ezampino
ezampino
Share
6 Min Read
SHARE

“How to Hack Healthcare” presentation by Alluvien Information Security experts:

Aaron Hayden, MBA
Software Development / Ethnics & Compliance

Alex Haslach, GSEC, CEH
System Administration / IT Control Analyst

June 25, 2015

More Read

Video: Tips for Overcoming the Gray Areas of Meaningful Use Stage 1 for Safety Net Providers
Insulin Nasal Spray Could Delay Cognitive Function Decline
Post Market Surveillance for Medical Devices: Essential or Overreaching?
UCLA Performs Hand Transplant
#TEDMED Day Two: The Reinvention Continues

“How to Hack Healthcare” presentation by Alluvien Information Security experts:

Aaron Hayden, MBA
Software Development / Ethnics & Compliance

Alex Haslach, GSEC, CEH
System Administration / IT Control Analyst

June 25, 2015

This webcast hosted by HIMSS covered ‘recent’ healthcare entities that have been hacked (Anthem, Premera, CHS, etc.), how the hackers got into their systems and what safeguards (cover risk) could have been put into place to avoid these intrusions. Later in the webcast Alex covered HIPPA requirements; Administrative, Physical, Technical (Access, Audit, Intergrity and Transmission). Thoughtful and useful advice was given to the audience on the best actions for healthcare, etc. to take to avoid hacks.

*Image source: Fox Small Business Center

As mentioned in the slides, over the last decade healthcare providers account for 26.8% of data breaches (about 1200), however not every sector has mandatory reporting, healthcare is overrepresented. Both Anthem (2010) and Premera (2014) were hacked via spear phishing. A fake website was created with very similar web address; an employee went to this website and gave away their credentials. Aaron goes into detail of why hackers preform these ‘mega breaches’, citing the main reason is because there is a huge black market for data, and the suspicion is that hackers assemble a database about individuals and can use this protected information to target same group of people in the future by using better ‘crafted’ phishing emails; federal employees are usually main target. Another hypothesis is that this is illicit market research, used to generate new and better uses of healthcare products. This is the ‘positive’ spin on things, I applaud your efforts Aaron, but I am VERY doubtful! Aaron also talked about the Community Health Systems (CHS) hack of more than 200 healthcare facilities somewhere between April and June 2014. This was a far more sophisticated attack utilizing malformed requests (hackers asked for encrypted sessions with the webserver) and a OpenSSL Heartbleed vulnerability reportedly resulted in a VPN session hijack.

So are governmental mandates enough to help prevent such attacks? If an organization is compliant with HIPPA, it “…does not mean it is secure in any way”. One huge downfall that was a common theme with Premera, Anthem and other attacks, was the length of time hackers had access to data before it was even noticed by anyone due to the lack of monitoring and the strong compliance beyond just HIPPA. Protection systems like Intrusion Detective System (IDS), Intrusion Prevention System (IPS) and Security information and event management (SIEM) System need to be in place. A useful source mentioned was a non-profit cooperative research and education organization called SANS that has a comprehensive list of top 20 Critical Security Controls that mitigate and prevent security breach; organizations that have implemented these security controls have an 85% less likely chance of a breach.

The slides that go into HIPPA are in the link below for your reading pleasure! I don’t want this to become a blog about the subject (easily done due to the vastness), but please read their slides because they do a wonderful job of summing it up. Instead I want my next point to be about my question asked. I wrote in asking Aaron and Alex their opinion on utilizing Amazon Web Services (what Wellpepper uses), to store PHI data etc. and what they believed the pros and cons to be. Aarons opinion was the bigger the company the better… they have solid safeguards to protect PHI data and can easily present their policies to clients, but as a customer if you have a security request that is in conflict with their efficiently organized architecture, they are not going accommodate. Alex agreed adding that it is a matter risk of transference; will Amazon do a better job of protecting our data by taking the risk for us? Yes, because Amazon maintains class one data centers all around the world that have very good security controls, they have resources to invest in the highest level of protection available with an entire team to do so. With that coming from Alluvien security professionals, it is nice to be reassured that PHI data that Wellpepper utilizes is well protected.

The webcast is available here after a short ‘registration’ process. The on demand webcast expires at the end of July.

Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

dental care
Importance of Good Dental Care for Health and Confidence
Dental health Specialties
October 2, 2025
AI in Healthcare
AI in Healthcare: Technology is Transforming the Global Landscape
Global Healthcare Policy & Law Technology
October 1, 2025
Choosing the Right Swimwear for Health and Safety
News
September 30, 2025
sports concussions
Concussion In Sports: How Common They Are And What You Need To Know
Infographics
September 28, 2025

You Might also Like

autism
Medical DevicesMedical InnovationsRemote DiagnosticsTechnology

MIT Researchers Aim to Help People with Autism

November 1, 2013

Sealants, Glues, Hemostats, Anti-Adhesion: An Evolved Market

July 9, 2014

Playing for Better Health with BioGaming

March 28, 2014
eHealthRemote DiagnosticsTechnology

Technological Advancements in The Medical Field That You Should Keep An Eye On

January 15, 2019
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?