Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

e-Health vulnerability statement

Cyber Secure Institute : 02 July, 2009  (Technical Article)
The Cyber Secure Institute updates e-Health vulnerability analysis in light of Virginia Health Professions hack
Rob Housman, the Executive Director of the Cyber Secure Institute, has released this statement concerning new information about the recent hack of the Virginia Department of Health Professions and vulnerabilities with insecure e-Health systems:

Recently the Institute analyzed the ramifications of IT vulnerabilities for the push towards e-Health. Our analysis focused to an extent on the recent hack of a Virginia State prescription drug database. This week Virginia State officials testifying before State legislators said that they are now receiving reports that doctors are hesitant to prescribe more potent painkillers to patients because of the hack and the vulnerabilities inherent in the database.

The Associated Press reports:

A House panel learned that powerful drugs such as Oxycontin, Valium, Vicodin and Ritalin are being withheld because pharmacists can't check with the prescription drug database that still allows limited access.

This is precisely the sort of real world health impact from cyber shortcomings that the Institute's analysis discussed.

If hackers can continue to be able to access vital health records almost at will, then they will have the ability to steal records, alter information, or simply deny access. Or, as with what has happened in the energy sector, they could simply use the power to take these systems offline to extort untold sums of money. As bad as compromising a prescription drug database may be, imagine if the database that was taken down had the real time medication data for a patient arriving at an emergency room in extreme distress. How much could you be compelled to pay if a hacker had your life in the balance? Or the lives of hundreds of thousands of patients?

For these reasons the Institute continues to advocate that the first step in building an e-Health system has to be the development of an essentially hack proof digital infrastructure that has security designed in from the start—not yet another bolt on system of firewalls and forensics that is inherently insecure. Such a secure infrastructure must utilize only technologies that are tested by third party experts—preferably the NSA and NIST—against established, national standards. Such testing must include extensive penetration testing, even with the source code. And, only technologies that can meet these requirements should be part of the national e-Health infrastructure. A good place to start are technologies like those of Integrity Global Security and Tenix, which are NSA certified secure against even hostile, intentional, sophisticated attempts to penetrate them.

In summary, the mantra for e-Health must begin with the Hippocratic Oath's promise to "First do no harm." An insecure e-Health system cannot live up to that oath.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo