Hacking Electronic Health Records - InformationWeek
IoT
IoT
Healthcare // Security & Privacy
News
12/5/2013
08:00 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%
RELATED EVENTS
Faster, More Effective Response With Threat Intelligence & Orchestration Playboo
Aug 31, 2017
Finding ways to increase speed, accuracy, and efficiency when responding to threats should be the ...Read More>>

Hacking Electronic Health Records

How a dangerous security flaw discovered in one of the most pervasive electronic medical record platforms in the U.S. was found and fixed before it could do damage.

Graduate student Doug Mackey was starting to wonder whether his research on the security of one of the nation's most ubiquitous electronic health records (EHR) software platforms was so interesting after all. A month of poking around for vulnerabilities in the simulated EHR system he had fashioned in a makeshift lab in his apartment hadn't turned up anything out of the ordinary in the code.

But then one day this spring, he spotted something in a second interface he was testing that shocked him: "It was very quickly obvious that it had no real security at all," says Mackey, a student in Georgia Tech's information security program. "I was quite surprised."

Mackey had discovered a major logic flaw in a key component of the code in the so-called VistaA (Veterans Health Information Systems and Technology Architecture) software, a platform originally built by the U.S. Veterans Administration for internal use at its hospitals and clinics, and later handed over to the open-source community to further its development and adoption across the entire health-care industry. It's one of the most widely adopted platforms for EHR in the country by VA and commercial hospitals and clinics, and it has also gained some traction overseas.

Read the rest of this article on Dark Reading.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
TerryB
100%
0%
TerryB,
User Rank: Ninja
12/5/2013 | 1:49:58 PM
Re: More security needed
Yeah, 3rd party, middleware security solutions are the answer. Sure they are.

 

Go watch the old movie The Net and then come back and post some more on this. And, no, don't post about how Sandra Bullock is hottest programmer ever, if her character was real.
JABUSAMRA208
100%
0%
JABUSAMRA208,
User Rank: Apprentice
12/5/2013 | 9:55:43 AM
Re: hack
Good question, David. In the case of DrFirst, they've brought in some big guns from the medical and technology fields, but your question is very valid.
David F. Carr
100%
0%
David F. Carr,
User Rank: Author
12/5/2013 | 9:41:13 AM
Re: hack
This one was a government IT system and one that's been around for a while. I wonder if commercial products would be more or less vulnerable.
JABUSAMRA208
50%
50%
JABUSAMRA208,
User Rank: Apprentice
12/5/2013 | 9:07:20 AM
More security needed
With the proliferation of electronic health records, we will unfortunately be seeing more of these stories. Security will become increasingly important in the recording, storing and transferring of information. The private sector is becoming more attentive to this area. with companies like DrFirst providing robust solutions for securing not only health care information, but also for the communication among healh care providers.
Ariella
50%
50%
Ariella,
User Rank: Author
12/5/2013 | 8:57:52 AM
hack
This one was caught, but it does make you wonder about all the vulnerabilities that were not spotted before a hacker makes use of them.
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll