Advisory Panel: Web Hackers

May 16, 2014 Advisory Panel

The HIStalk Advisory Panel is a group of hospital CIOs, hospital CMIOs, practicing physicians, and a few vendor executives who have volunteered to provide their thoughts on topical industry issues. I’ll seek their input every month or so on important news developments and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a hospital or practice, you are welcome to join the panel. I am grateful to the HIStalk Advisory Panel members for their help in making HIStalk better.

The question this time: Have web hackers ever impacted your operation?

Hackers did once penetrate our organization. They never got close to any HIPAA-related data. What they did do is get into our phone systems so that they could make international calls for free for a short time until we shut things down.

We have not seen any specific attacks or hacks. We have had several security audits, so I believe we are well documented and not just whistling past the graveyard. I know that larger providers in our area have had these types of attacks but I think we remain below the radar.

Aside from a virus outbreak many years ago, we have not had any known breaches or attacks that have affected our operations.

Our organization has not documented DDOS attacks, unauthorized network access, or server compromises. 

Not yet. We do penetration testing / white hat hacking to help reduce our risks. I am not sure if any organization can ever reduce their risks to zero.

No. The bigger issue has been phishing.

So far, no. We use some network appliances that monitor and protect the perimeter. I’m sure it will happen some day!

Fortunately we haven’t had any major attacks or unauthorized network access. Roughly five years ago we did experience a compromised Windows 2003 server hosting DNS externally for our organization. It was a known OS vulnerability and we didn’t have it patched on time. At the end of the experience we ended up removing and rebuilding the server vs. attempting to correct the unauthorized access.

We have not had any impact to date, though there have most certainly been attempts. I have a very talented IT security team that does an amazing job every day to keep us safe. I do have concerns, however, about the increasing attempts to hack us through biomedical devices. This is not an area where these vendors are very robust, so we are building capabilities to better monitor and support security in this area.

No. However, we are concerned about our ability to monitor and discover these types of activities. We continue to focus our security efforts to create a multi-layered infrastructure and provide better discovery tools for our staff members. We also feel it is important to implement as many “self-healing” security services as possible (example: the system can “see” a phishing message and automatically create a rule that protects our users, even if they click on the link).

Not hackers, but a virus. Lesson learned. Remove the exclusions from all application servers on a regular basis and run virus scan. Applications that will not run with AV scanning certain directories are places for a virus to take hold. Implementing an IPS and proper network design can help minimize the impact when something does take place.
