Freemium Devils

A blog about internet security, ethical hacking, geek softwares and much more

Risks in health informatics security —

Information in health institutions should by no means be in the internet cloud. Connectivity networks should be used where access to the cloud is completely blocked.

This article was initially oriented to the analysis of computer security in telemedicine. But given the circumstances presented in the last five years in the global environment, and to which I will refer later, I decided that the spectrum should be extended to the entire health sector.

Today, thanks to the internet, the world is facing an unprecedented avalanche of information. Facebook, Instagram, Twitter, Skype, WhatsApp, etc., are part of daily life in global communication. In many cases, without fear of exaggeration, we can no longer live outside these applications, we need them and we use them daily. For nobody is a secret the marked vulnerability of the computer network that we use every day; Examples are thousands. The world press illustrates this with spurious penetrations by hackers to the pentagon in the United States of America, the FBI, banks, governments, like the case of WikiLeaks, in short, the list is endless.

When we refer to healthcare institutions, which have advanced significantly in computer processes, we usually do not express concern about spurious penetrations of hackers. Only when a scandal of this kind here and there, we see a short note in the media that refers to the subject, and this is worrying if we remember that the world considers legislation medical patient information strictly confidential . Let us start from the beginning: absolutely, without exception, all medical information hosted on computers and servers health institutions is only in custody of the latter, are not the owners of such information, the sole owner of it is the patient . The health personnel who are reading this article know and know to the sake of the confidentiality that exists between doctors and patients. For illustration of readers, I quote some cases demonstrating that security health can not be taken lightly.

In March 2014, the database contained in 27 DVDs of patients belonging to the NHS health system of the United Kingdom was handed over to a group of consultants, who uploaded the information to Google servers outside the UK. The consequences of this are summarized in four sensitive situations: 1. The police had “back door” access to outpatient and inpatient medical records. 2. Data were used to locate patients by third parties. 3. Organizations such as pharmaceutical laboratories, insurance companies and private health providers have purchased patients’ medical records since 1999. 4. The information extracted contained the person’s NHS number, date of birth, postal code, ethnicity and gender. Patient groups wondered: what guarantees exist to protect the privacy of medical information?

In May 2014, two American health organizations, Presbyterian Hospital of New York and Columbia University, due to two factors: storage of medical information on servers with access to the Internet cloud and lack of efficient security measures , Caused that the information of 6,800 patients, among them histories, medicines administered, results of clinical laboratory, etc., will finish in the search engines web. The irregularity was detected later, when a person noticed on the internet that his partner had died. This situation, investigated by the Department of Health and Human Services (HHS) and the Office of Civil Rights (OCR), resulted in fines for the Presbyterian Hospital in New York and the University of Columbia they totaling $ dollars 4.800.000.oo, together with this warning: ” When health entities involved in compliance agreements, which can be set, share the burden of dealing with the risks of protected patient information” , Said Christina Heide, Medical Clinic Kirwan, Deputy Director of Health Privacy Information for the Office of Civil Rights (OCR). ” Our cases against NYP and CU should remind organizations of health care need to be given priority in data security and how they manage their health information systems” .


Categorised as: Uncategorized



Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>