“How to Hack Healthcare” hosted by HIMSS

“How to Hack Healthcare” presentation by Alluvien Information Security experts:

Aaron Hayden, MBA
Software Development / Ethnics & Compliance

Alex Haslach, GSEC, CEH
System Administration / IT Control Analyst

June 25, 2015

“How to Hack Healthcare” presentation by Alluvien Information Security experts:

Aaron Hayden, MBA
Software Development / Ethnics & Compliance

Alex Haslach, GSEC, CEH
System Administration / IT Control Analyst

June 25, 2015

This webcast hosted by HIMSS covered ‘recent’ healthcare entities that have been hacked (Anthem, Premera, CHS, etc.), how the hackers got into their systems and what safeguards (cover risk) could have been put into place to avoid these intrusions. Later in the webcast Alex covered HIPPA requirements; Administrative, Physical, Technical (Access, Audit, Intergrity and Transmission). Thoughtful and useful advice was given to the audience on the best actions for healthcare, etc. to take to avoid hacks.

*Image source: Fox Small Business Center

As mentioned in the slides, over the last decade healthcare providers account for 26.8% of data breaches (about 1200), however not every sector has mandatory reporting, healthcare is overrepresented. Both Anthem (2010) and Premera (2014) were hacked via spear phishing. A fake website was created with very similar web address; an employee went to this website and gave away their credentials. Aaron goes into detail of why hackers preform these ‘mega breaches’, citing the main reason is because there is a huge black market for data, and the suspicion is that hackers assemble a database about individuals and can use this protected information to target same group of people in the future by using better ‘crafted’ phishing emails; federal employees are usually main target. Another hypothesis is that this is illicit market research, used to generate new and better uses of healthcare products. This is the ‘positive’ spin on things, I applaud your efforts Aaron, but I am VERY doubtful! Aaron also talked about the Community Health Systems (CHS) hack of more than 200 healthcare facilities somewhere between April and June 2014. This was a far more sophisticated attack utilizing malformed requests (hackers asked for encrypted sessions with the webserver) and a OpenSSL Heartbleed vulnerability reportedly resulted in a VPN session hijack.

READ

Top 5 Reasons For Blockchain Implementation In Healthcare In 2019

So are governmental mandates enough to help prevent such attacks? If an organization is compliant with HIPPA, it “…does not mean it is secure in any way”. One huge downfall that was a common theme with Premera, Anthem and other attacks, was the length of time hackers had access to data before it was even noticed by anyone due to the lack of monitoring and the strong compliance beyond just HIPPA. Protection systems like Intrusion Detective System (IDS), Intrusion Prevention System (IPS) and Security information and event management (SIEM) System need to be in place. A useful source mentioned was a non-profit cooperative research and education organization called SANS that has a comprehensive list of top 20 Critical Security Controls that mitigate and prevent security breach; organizations that have implemented these security controls have an 85% less likely chance of a breach.

The slides that go into HIPPA are in the link below for your reading pleasure! I don’t want this to become a blog about the subject (easily done due to the vastness), but please read their slides because they do a wonderful job of summing it up. Instead I want my next point to be about my question asked. I wrote in asking Aaron and Alex their opinion on utilizing Amazon Web Services (what Wellpepper uses), to store PHI data etc. and what they believed the pros and cons to be. Aarons opinion was the bigger the company the better… they have solid safeguards to protect PHI data and can easily present their policies to clients, but as a customer if you have a security request that is in conflict with their efficiently organized architecture, they are not going accommodate. Alex agreed adding that it is a matter risk of transference; will Amazon do a better job of protecting our data by taking the risk for us? Yes, because Amazon maintains class one data centers all around the world that have very good security controls, they have resources to invest in the highest level of protection available with an entire team to do so. With that coming from Alluvien security professionals, it is nice to be reassured that PHI data that Wellpepper utilizes is well protected.

READ

8 Reasons Why mHealth Is Beneficial For Patients Of The Future

The webcast is available here after a short ‘registration’ process. The on demand webcast expires at the end of July.

What Would Medicare For All Mean For Healthcare Entrepreneurs?

Here Are the Best Ways to Promote Your Business at the Next Health and Wellness Expo

How to Find the Best Hosting Provider for Your Medical Website

Will The Surge In Celebrity Surrogacy Change The Business Of Fertility?

What Would Medicare For All Mean For Healthcare Entrepreneurs?

Entrepreneurs Must Integrate Mission-Driven Strategic Investors

6 Healthcare Financial KPIs You Need for 2017

Determining the ROI on Aquatic Therapy in Your PT Practice

What Would Medicare For All Mean For Healthcare Entrepreneurs?

4 Strategic Approaches To Reducing Hospital Errors

Think Patients Are Bad At Communicating? Rethink Your Systems

8 Of The Most Bizarre Medical Malpractice Cases Out There

7 Tips To Make Sure Your Medical Practice Is Found Online

Healthcare Blockchain Technology: The Good, Bad, And Terrible

How Doctors Can Use Mobile eHealth Apps To Monitor Their Patients

Here’s The Real Truth About Online Medical Services

How Cryptocurrency Benefits Medical Billing Services

Why Blockchain In Healthcare Could Be A Game Changer For EHRs

Here’s Why The Lab Automation Market Is Growing

8 Of The Most Bizarre Medical Malpractice Cases Out There

How Doctors Can Use Mobile eHealth Apps To Monitor Their Patients

6 Ways Mobile Applications Bring Value to Patients and Doctors

The Role Of The Internet Of Medical Things In Healthcare

All The Ingredients You Need For A Successful Health Insurance App

Technological Advancements in The Medical Field That You Should Keep An Eye On

mHealth Apps And Digital Doctors: The Future Of The Healthcare Sector?

EHR For Rural Hospitals: Criteria And Access

How Big Data Can Be Used To Prevent Fatal Heart Attack

7 Tips To Make Sure Your Medical Practice Is Found Online

4 Top Reasons Why App Developers Love Apple Health Records API

Should Healthcare Care About Branding?

How can Healthcare Professionals Manage their Reputation Online

Healthcare Blockchain Technology: The Good, Bad, And Terrible

5 Trends That Are Impacting The Healthcare Industry

How Doctors Can Use Mobile eHealth Apps To Monitor Their Patients

Here’s The Real Truth About Online Medical Services

5 Reasons Why Medical Device Machining Should Be Done By Professionals

Big Data: How Smart Medical Devices Can Change the Future of Healthcare

People Suffering From Hearing Loss Can Be Helped By Technology

Revolutionary Therapeutics For Neuroendocrine Carcinoma Are Underway

9 Medical Technologies Revolutionizing Healthcare

The Rise Of eHealth: Staying Relevant In The Digital Healthcare Paradigm

Here’s How Millennials Impact Clinical Research And The Health Sector

The Revolutionary Advent Of Precision Medicine In Cancer Treatment

Why The Psoriatic Arthritis Treatment Market Is Set To Grow

What To Expect At A Cannabis Vape Lounge

How Self-Determination Theory Can Improve Medical Students’ Motivation

How Medical Advancements Could Change Hepatitis B Diagnoses In 2019

Here’s Why The Lab Automation Market Is Growing

Can CBD Oil Lower Your Weight Or Improve Your Cholesterol?

Try These Delicious And Healthy Alternatives To Junk Food

Take These Important Steps To Fight Periodontal Disease

Health Risks Associated With Substance Abuse To Know About

Is It Time to See a Cardiologist?

Can Artificial Intelligence Diagnose Illnesses Better Than Other Methods?

The Complicated Rise of Interventional Cardiologists

How Big Data Can Be Used To Prevent Fatal Heart Attack

Take These 4 Important Steps For Healthy And Happy Aging

Living Alone When You’ve Been Diagnosed With Alzheimer’s

A Guide To Healthy Aging And Happier Golden Years

10 Early Dementia Signs You Need To Be Aware Of

How a Meal Delivery Subscription Service Can Help You Reach Your Weight Loss Goals

7 Important Health-Related Reasons To Burn Excess Fat

The Weight Conscious Doctor: Why Sensitivity Matters

Top 5 Reasons Why you’re Not Losing Weight on Your Diet

4 Terrible Injuries That Can Happen Because of a Motorcycle Accident

Baby Boomer’s Guide to Dealing with Knee Problems

The Woes Of Modern Posture Struggles And Poor Furniture Support

What Is Scoliosis? 4 Ways To Treat It

Radiology as an Enterprise Model for Collaboration

Relationship Between Clinical Decision Support Systems (CDSS) & Radiology Must Evolve

Diagnostic Reading #33: Five Must-Read Articles from the Past Week

2015 CPT Coding Changes and Your Radiology Practice

Can CBD Oil Lower Your Weight Or Improve Your Cholesterol?

Try These Delicious And Healthy Alternatives To Junk Food

Take These Important Steps To Fight Periodontal Disease

Health Risks Associated With Substance Abuse To Know About

Try These Delicious And Healthy Alternatives To Junk Food

Important Key Benefits Of Turmeric To Know About

Here’s How To Trick Yourself Into Exercising More And Staying Motivated