Hospitals 'very sloppy' about security efforts

Healthcare facilities are constantly in danger of being hacked and having data stolen, but two researchers have found that many hospitals themselves leak valuable information online.

The data leaks result from network administrators enabling Server Message Block, or SMB, which, when configured a certain way, broadcasts the data externally, researchers Scott Erven, head of information security for Essentia Health, and Shawn Merdinger, an independent healthcare security researcher and consultant, shared in a recent Wired article.

SMB is a protocol used by administrators to quickly identify, locate and communicate with computers and equipment connected to an internal network, according to the article. Erven and Merdinger found that hospitals misconfigure the SMB service, which allows outsiders to see it. 

Security issues at healthcare facilities are nothing new, and the SMB protocol vulnerability is just another problem to add to a growing list of ways information can be compromised.

"It goes to show that healthcare [organizations are] very sloppy in configuring their external edge networks and are not really taking security seriously," Erven told Wired.

He added that the problems can occur because of too much focus on HIPAA compliance--which causes providers to pay too little attention to testing and securing their systems.

With a spike in HIPAA fines possible, healthcare facilities may be even more focused on compliance with those standards then working to properly secure their networks.

To that end, even a recent White House report pointed out that HIPAA compliance might not be enough to ensure privacy in the electronic age.

To learn more:
- read the Wired article