Home » Advisory Panel » Currently Reading:

Advisory Panel: Web Hackers

May 16, 2014 Advisory Panel No Comments

The HIStalk Advisory Panel is a group of hospital CIOs, hospital CMIOs, practicing physicians, and a few vendor executives who have volunteered to provide their thoughts on topical industry issues. I’ll seek their input every month or so on an important news developments and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a hospital or practice, you are welcome to join the panel. I am grateful to the HIStalk Advisory Panel members for their help in making HIStalk better.

This question this time: Have web hackers ever impacted your operation?


Hackers did once penetrate our organization. They never got close to any HIPAA-related data. What they did do is get into our phone systems so that they could make international calls for free for a short time until we shut things down.


We have not seen any specific attacks or hacks. We have had several security audits, so I believe we are well documented and not just whistling past the graveyard. I know that larger providers in our area have had these types of attacks but I think we remain below the radar.


Aside from a virus outbreak many years ago, we have not had any known breaches or attacks that have affected our operations.


Our organization has not documented DDOS attacks, unauthorized network access, or server compromises. 


Not yet. We do penetration testing / white hat hacking to help reduce our risks. I am not sure if any organization can ever reduce their risks to zero.


No. The bigger issue has been phishing.


So far, no. We use some network appliances that monitor and protect the perimeter. I’m sure it will happen some day!


Fortunately we haven’t had any major attacks or unauthorized network access. Roughly five years ago we did experience a compromised windows 2003 server hosting DNS externally for our organization. It was a known OS vulnerability and we didn’t have it patched on time. At the end of the experience we ended up removing and rebuilding the server vs. attempting to correct the unauthorized access.


We have not had any impact to date, though there have most certainly been attempts. I have a very talented IT security team that does an amazing job every day to keep us safe. I do have concerns, however, about the increasing attempts to hack us through biomedical devices. This is not an area where these vendors are very robust, so we are building capabilities to better monitor and support security in this area.


No. However, we are concerned about our ability to monitor and discover these types of activities. We continue to focus our security efforts to create a multi-layered infrastructure and provide better discovery tools for our staff members. We also feel it is important to implement as many “self-healing” security services as possible (example: the system can “see” a phishing message and automatically create a rule that protects our users, even if they click on the link).


Not hackers, but a virus. Lesson learned. Remove the exclusions from all application servers on a regular basis and run virus scan. Applications that will not run with AV scanning certain directories are places for a virus to take hold. Implementing an IPS and proper network design can help minimize the impact when something does take place.


View/Print Text Only View/Print Text Only


HIStalk Featured Sponsors

     







Subscribe to Updates

Search


Loading

Text Ads


Report News and Rumors

No title

Anonymous online form
E-mail
Rumor line: 801.HIT.NEWS

Tweets

Archives

Founding Sponsors


 

Platinum Sponsors


 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Gold Sponsors


 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Reader Comments

  • CC: @WizKid What department of Cerner/CPSI/eCW do you work in?...
  • rxpete: RE:AMA to Unleash a New Era of Patient Care -- Waiting for the new era when the CPT code library is available without a ...
  • Elizabeth West: Interesting piece on NBC News tonight about this topic. Some patients pay MORE via their co-pay than an uninsured patie...
  • In Poor Taste: Loading up on wine futures? Really??...
  • Just a Reader: How can premiums skyrocket when Obamacare is enacted AND when it is repealed? Seems like the insurance companies are...

Sponsor Quick Links