Internal issues are a bigger health IT security threat than hackers

A security consultant tells Healthcare IT News in an interview that security threats to the information systems of healthcare organizations are proliferating with the growth of mobile devices, embedded devices, virtualization software, social media and IT consumerization. But a recent study on health data losses cast doubts on some of his assertions.

Frank Andrus, chief technology officer of Bradford Networks, a security firm in Concord, N.H., says that the operating systems of mobile devices are targets for virus attacks. The use of "network access control" (NAC) solutions could help organizations fend these off, he adds.

Tablets, other mobile devices, medication scanners, patient-monitoring systems and imaging devices all have embedded connectivity that is vulnerable to viruses, Andrus continues. And many healthcare systems are using "virtualization" strategies that allow them to run multiple applications on the same server. Hosted virtualized desktops, Andrus says, have the same security issues that real PCs do, so organizations should deploy programs to protect them against attack, as well.

It all sounds logical, and following Andrus' recommendations can undoubtedly safeguard patient data better than many organizations currently do. But a new report that analyzes data from the Department of Health and Human Services (HHS) finds that hacking was involved in just 6 percent of data loss incidents. Physical theft, human error, and misplacement of computers and mobile devices were responsible for most of the security breaches.

What do you think? Is Andrus on the right track with his warnings and suggestions? Or do we need to just be more careful with our devices?

To learn more:
- read the Healthcare IT News piece
- see the InformationWeek Healthcare article on health data losses 

Suggested Articles

Nearly 10,000 patients involved in research studies were impacted by a third-party privacy breach that may have exposed their medical diagnoses.

Veterans Health Administration medical facilities currently have a paper medical record backlog that if stacked up would be 5.15 miles high, according to the…

The Department of Health and Human Services announced proposed changes to privacy restrictions on patients' substance use treatment records.