I used to work extensively with PACS and healthcare systems, including security. The state of medical information security is dismal in spite of the potential magnitude of HIPAA (U.S. medical data privacy law) fines.
The immediate needs of patient care supersede the often labyrinthine requirements for proper systems authentication and access control. In the U.S., at least, so many entities must exchange data and images for consults, orders, billing, insurance, patient transfers, etc., that maintaining secure communication among them is more costly than most small medical practices can afford.
In hospitals, the complexity of literally hundreds of different software products and proprietary devices makes proper network management outrageously complex. Proper patch management takes a very low priority when it risks (a real-life example) disabling the PACS software for a hospital's only million-dollar MRI machine.
I could rant about this all day, and it's really not just a U.S.-only technical debt problem. I'd encountered a figure the other day suggesting that NHS clinicians have to log into something like 24 different systems to properly document and care for patients. The odds of Post-It password management, or worse, are quite high under the circumstances.
That's fair, and I certainly don't want technology getting in the way of a doctor saving my life. But it shouldn't even be possible to put your database on the network without it having a password. The developers shouldn't allow that configuration to exist. Honestly, Post-It password management is infinitely better than no management when any kid on the internet can read all of your patients' data if it's not password protected.
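A fail-closed startup gate of the kind the comment above argues for, written here as an added example; it is not code from any PACS or database product. The `ListenerConfig` shape, its field names, the weak-default list and the `start_service` wrapper are assumptions for illustration. The point it demonstrates is that the insecure state (network-reachable listener, no credential) is rejected at startup rather than left as a valid configuration; it treats anything other than loopback as reachable, because a private-range bind behind a direct port-forward is just as exposed as 0.0.0.0.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import List, Optional


class InsecureConfig(RuntimeError):
    """Raised when the service would start exposed without authentication."""


@dataclass
class ListenerConfig:
    # Hypothetical config shape for a PACS database / search index listener.
    bind_host: str                  # address the service binds to
    auth_enabled: bool              # whether the service requires credentials
    password: Optional[str] = None  # None means no credential was ever set


# Constructed list of defaults an installer might leave in place.
WEAK_DEFAULTS = {"", "admin", "password", "changeme", "pacs", "root"}
MIN_PASSWORD_LEN = 12


def is_network_reachable(bind_host: str) -> bool:
    """True if binding to bind_host exposes the listener beyond this machine.

    Only loopback counts as local. 0.0.0.0 / :: (all interfaces) and any
    routable or RFC 1918 address are reachable, since a private address is
    one port-forward away from the Internet.
    """
    try:
        addr = ipaddress.ip_address(bind_host)
    except ValueError:
        # A hostname rather than an IP: only 'localhost' is treated as local.
        return bind_host.strip().lower() != "localhost"
    return not addr.is_loopback


def check_listener(cfg: ListenerConfig) -> List[str]:
    """Return a list of findings; an empty list means the config is acceptable."""
    findings: List[str] = []
    if not is_network_reachable(cfg.bind_host):
        return findings  # loopback-only: credentials are nice to have, not a gate
    if not cfg.auth_enabled:
        findings.append("listener is network-reachable but authentication is disabled")
        return findings
    if cfg.password is None:
        findings.append("authentication enabled but no credential is configured")
    elif cfg.password.lower() in WEAK_DEFAULTS:
        findings.append("credential is a known installer default")
    elif len(cfg.password) < MIN_PASSWORD_LEN:
        findings.append(f"credential shorter than {MIN_PASSWORD_LEN} characters")
    return findings


def start_service(cfg: ListenerConfig) -> str:
    """Fail closed: refuse to start rather than start exposed."""
    findings = check_listener(cfg)
    if findings:
        raise InsecureConfig("refusing to start: " + "; ".join(findings))
    return f"listening on {cfg.bind_host}"


if __name__ == "__main__":
    # Constructed configs: the 'as installed' state and a corrected one.
    exposed = ListenerConfig(bind_host="0.0.0.0", auth_enabled=False)
    hardened = ListenerConfig(bind_host="0.0.0.0", auth_enabled=True,
                              password="correct-horse-battery-staple")
    for cfg in (exposed, hardened):
        try:
            print(start_service(cfg))
        except InsecureConfig as exc:
            print(exc)
```

Running it prints the refusal for the first config and `listening on 0.0.0.0` for the second; the same gate placed in an installer or init script is what turns "nobody set a password" from a silent default into a visible failure.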
As to public database exposure, tell that to everyone who's had an ElasticSearch breach in the last couple of years. ElasticSearch developers did allow insecure configurations to exist in community versions, and upcharged for the security features necessary to manage the configurations properly.
The PACS image exposure problem exists in part because telehealth needs and opportunities are growing. When you can get radiologists 2,000 km away remote-connected to read your rural hospital ER images within ten minutes, you do it and worry about maximizing security afterward.
Several of the common PACS products I'm familiar with were only intended for local authentication, and don't even implement LDAP. And yes, these products have installation instructions that specify enabling host web services (and public network shares for archives), usually to permit use of client browsers for frontend UI display, backups, etc. The small practices aren't even aware that they're at risk of exposure, and they often enable firewall access for remote staff as direct port-forwards. There's no question it's bad design; the most sophisticated hospital network managers can't always ensure there's no public Internet exposure under the circumstances.
Every day, millions of new medical images containing the personal health information of patients are spilling out onto the internet.
...
About half of all the exposed images, which include X-rays, ultrasounds and CT scans, belong to patients in the United States.
...
Yet despite warnings from security researchers who have spent weeks alerting hospitals and doctors’ offices to the problem, many have ignored their warnings and continue to expose their patients’ private health information.