“How to Hack Healthcare” hosted by HIMSS

“How to Hack Healthcare” presentation by Alluvien Information Security experts:

Aaron Hayden, MBA
Software Development / Ethnics & Compliance

Alex Haslach, GSEC, CEH
System Administration / IT Control Analyst

June 25, 2015

“How to Hack Healthcare” presentation by Alluvien Information Security experts:

Aaron Hayden, MBA
Software Development / Ethnics & Compliance

Alex Haslach, GSEC, CEH
System Administration / IT Control Analyst

June 25, 2015

This webcast hosted by HIMSS covered ‘recent’ healthcare entities that have been hacked (Anthem, Premera, CHS, etc.), how the hackers got into their systems and what safeguards (cover risk) could have been put into place to avoid these intrusions. Later in the webcast Alex covered HIPPA requirements; Administrative, Physical, Technical (Access, Audit, Intergrity and Transmission). Thoughtful and useful advice was given to the audience on the best actions for healthcare, etc. to take to avoid hacks.

*Image source: Fox Small Business Center

As mentioned in the slides, over the last decade healthcare providers account for 26.8% of data breaches (about 1200), however not every sector has mandatory reporting, healthcare is overrepresented. Both Anthem (2010) and Premera (2014) were hacked via spear phishing. A fake website was created with very similar web address; an employee went to this website and gave away their credentials. Aaron goes into detail of why hackers preform these ‘mega breaches’, citing the main reason is because there is a huge black market for data, and the suspicion is that hackers assemble a database about individuals and can use this protected information to target same group of people in the future by using better ‘crafted’ phishing emails; federal employees are usually main target. Another hypothesis is that this is illicit market research, used to generate new and better uses of healthcare products. This is the ‘positive’ spin on things, I applaud your efforts Aaron, but I am VERY doubtful! Aaron also talked about the Community Health Systems (CHS) hack of more than 200 healthcare facilities somewhere between April and June 2014. This was a far more sophisticated attack utilizing malformed requests (hackers asked for encrypted sessions with the webserver) and a OpenSSL Heartbleed vulnerability reportedly resulted in a VPN session hijack.

READ

Where Does Blockchain Fit Into Healthcare?

So are governmental mandates enough to help prevent such attacks? If an organization is compliant with HIPPA, it “…does not mean it is secure in any way”. One huge downfall that was a common theme with Premera, Anthem and other attacks, was the length of time hackers had access to data before it was even noticed by anyone due to the lack of monitoring and the strong compliance beyond just HIPPA. Protection systems like Intrusion Detective System (IDS), Intrusion Prevention System (IPS) and Security information and event management (SIEM) System need to be in place. A useful source mentioned was a non-profit cooperative research and education organization called SANS that has a comprehensive list of top 20 Critical Security Controls that mitigate and prevent security breach; organizations that have implemented these security controls have an 85% less likely chance of a breach.

The slides that go into HIPPA are in the link below for your reading pleasure! I don’t want this to become a blog about the subject (easily done due to the vastness), but please read their slides because they do a wonderful job of summing it up. Instead I want my next point to be about my question asked. I wrote in asking Aaron and Alex their opinion on utilizing Amazon Web Services (what Wellpepper uses), to store PHI data etc. and what they believed the pros and cons to be. Aarons opinion was the bigger the company the better… they have solid safeguards to protect PHI data and can easily present their policies to clients, but as a customer if you have a security request that is in conflict with their efficiently organized architecture, they are not going accommodate. Alex agreed adding that it is a matter risk of transference; will Amazon do a better job of protecting our data by taking the risk for us? Yes, because Amazon maintains class one data centers all around the world that have very good security controls, they have resources to invest in the highest level of protection available with an entire team to do so. With that coming from Alluvien security professionals, it is nice to be reassured that PHI data that Wellpepper utilizes is well protected.

READ

Fashion vs Function: 5 Ways Technology Is Revolutionizing Activewear

The webcast is available here after a short ‘registration’ process. The on demand webcast expires at the end of July.

What To Know About Nutritional Supplement Packaging Safety

5 Strategies For Improving Healthcare Efficiency

How Local Hospitals Are Under Mounting Pressure?

Understanding The Impact Of Google’s Medic Update On Health Sites

Why Meal Planning Is Good for Your Budget & Your Health

How Do I Become A Clinical Documentation Specialist?

How To Get Capital For New Equipment For Your Healthcare Business

Financial Benefits For People Suffering From Dementia

5 Strategies For Improving Healthcare Efficiency

How Local Hospitals Are Under Mounting Pressure?

How Health Facilities Can Prepare For Natural Disasters

10 Major IT Challenges Healthcare Organizations Are Facing Today

3 Secrets Triggering Enormous Interest In Healthcare Analytics

The Roles Of AI, IoT, And Cybersecurity In Transforming Healthcare

Telemedicine Is An Efficient Tool To Transform The Healthcare Industry

How Startups Are Bringing Healthcare To Rural Areas

7 Important Benefits Of Electronic Health Records (EHRs)

Three Practical Uses For Wearables In EHR

Patient Misidentification: Just How Damaging Is It?

Dealing With A Health Crisis? Avoid Medical Identity Theft With These Tips

The Roles Of AI, IoT, And Cybersecurity In Transforming Healthcare

Top 5 Ways Mobile Apps Are Impacting Health And Fitness Industries

How To Use SMS To Increase Customer Satisfaction In Healthcare

Top 5 Advantages Of A Heart Rate Monitor – For Workouts And Daily Life

Why You Need To Know The Risks Of Self-Diagnosis

Technological Advancements in The Medical Field That You Should Keep An Eye On

mHealth Apps And Digital Doctors: The Future Of The Healthcare Sector?

EHR For Rural Hospitals: Criteria And Access

7 Tips To Make Sure Your Medical Practice Is Found Online

4 Top Reasons Why App Developers Love Apple Health Records API

Should Healthcare Care About Branding?

How can Healthcare Professionals Manage their Reputation Online

How To Protect Patient Health Data With Security Testing

Why Massage Chairs Are Beneficial For Your Health

How Has Technology Changed the Medical Sector In 2019?

3 Secrets Triggering Enormous Interest In Healthcare Analytics

How Has Technology Changed the Medical Sector In 2019?

What Goes Into The Cost Of A CT Scanner?

Here Is Everything You Need To Know To Purchase A New MRI Machine

How Anesthesia Can Be Delivered With Anesthesia Machines

How Has Technology Changed the Medical Sector In 2019?

Making Sense Of The Surge Of Voice Recognition Software In Healthcare

Important Things To Know About Advances In Healthcare Robotics

Here’s How Technological Innovation Is Transforming Healthcare

What To Know About Nutritional Supplement Packaging Safety

What to Expect as a First Time User of CBD Gummies

Four Signs That Show You Need Rehabilitation

How To Choose The Right Dentist: Try These 6 Simple Steps

Dealing With A Health Crisis? Avoid Medical Identity Theft With These Tips

Body Pain And Chiropractic Care: How Are They Related?

Who Can Receive Free HPV Vaccines to Combat Cervical Cancer?

9 Signs You Need An Emergency Dentist

5 Common Misconceptions About Naturopathic Medicine

Top AED Models To Minimize Risks Of Cardiac Arrest 2019

3 Things To Consider When Looking For A Heart Doctor

The Value And Criticism Of Robot-Assisted Heart Surgery

Here’s What To Know About Sleep And Heart Health

9 Signs You Need An Emergency Dentist

Crooked Teeth vs. Perfect Teeth: Clip-On Veneers

Pros And Cons Of Flossing: Why Is This Dental Tip Overlooked?

Dental Anxiety: Why It’s Common And How To Deal With It

Take These 4 Important Steps For Healthy And Happy Aging

Living Alone When You’ve Been Diagnosed With Alzheimer’s

A Guide To Healthy Aging And Happier Golden Years

10 Early Dementia Signs You Need To Be Aware Of

How In-Home Visits Might Help Reduce Childhood Obesity

How Does Fat Leave Your System When You Lose Weight?

The Positive Impact Of Outdoor Activities And Events On Kids’ Health

How Can Parents Prevent Obesity In Children

Body Pain And Chiropractic Care: How Are They Related?

Four Ways to Banish Back Pain For Good

The Most Important Things To Know When Choosing A Chiropractor

A Guide to Caring for Bunions

Prenatal Care: 5 Great Reasons to Get a Prenatal Massage

Are You Healthy Enough to be a Surrogate?

5 Tips for a Healthy Pregnancy

3 Nutritious Foods To Eat During Your Second Trimester Of Pregnancy

Radiology as an Enterprise Model for Collaboration

Relationship Between Clinical Decision Support Systems (CDSS) & Radiology Must Evolve

Diagnostic Reading #33: Five Must-Read Articles from the Past Week