Security risks of Technology & Euclid Moments

January 11, 2021

The healthcare industry is becoming more and more dependent on technology to get paid what it is owed, to save money, to eliminate manual processes, to reduce costly errors and to improve patient care. Any organization not taking advantage of technology will likely find itself battling financial insolvency and struggling to provide the level of care patients have come to expect. It is estimated that approximately 80% of physicians use smartphones and a variety of medical software applications. That kind of technology usage is only the tip of the iceberg. From patient portals and text scheduling reminders to AI systems for decision-making and bots for conducting repetitive, menial tasks, technology is emerging across the healthcare continuum.

One example of that is OrthoIndy, with 13 locations in Indiana. OrthoIndy is one of the largest orthopedic practices in the U.S. and is the official orthopedic provider for the professional sports teams the Indiana Pacers and the Indiana Fever. The practice also provides care for several collegiate sports programs. It uses AI software to do its physician charting, based on audio from inside the exam room (conversations between the physician and the patient) or on brief reflective summaries provided by the physician after the encounter. This technology has completely eliminated after-hours charting.

While this new era of healthcare technology has its benefits, it also brings its own set of unique challenges. These applications can open organizations up to hackers and give them the opportunity to steal sensitive health information. We've all heard the stories about PHI and financial records being stolen. On the black market, health information is worth about 10 to 20 times as much as financial records such as credit card numbers.

Among the multiple vulnerabilities that come with using technology in healthcare is outdated software. Using outdated software can lead to security breaches. In fact, hackers hope your healthcare facility is using older versions of operating systems, browsers, and plugins, because that makes stealing your patients' sensitive information easier for them. Buying older software technology, including databases, operating systems and user software platforms, creates additional vulnerability.

Other areas that create vulnerability are embedded devices, such as sensors, that allow physicians to collaborate with each other and with patients. The number of these devices in use is exploding. And of course, patient records stored in the cloud may provide fertile ground for hackers if not properly protected.

According to Healthcare Business and Technology, the United States Office of Personnel Management experienced a security breach due to outdated software. The breach exposed the personal information of more than 4 million current and former federal employees. The federal government offered everyone affected identity theft monitoring and insurance.

Not only was the software outdated, but the department also didn't have a multi-layered security system. Such a system includes firewalls, intrusion detection systems, malware scanners, integrity auditing procedures and local storage encryption tools. These tools are considered standard for all modern software packages that store sensitive information.

In addition to three obvious ways to help protect your environment (implementing automated systems to provide security updates, installing the latest software versions, and keeping security protocols updated), there are several other checks, tests and tools that need to be used and completed to further ensure a secure environment. These checks work by identifying areas of weakness or visits from unwanted intruders. They include processes such as manual testing for unvalidated or unsanitized input, broken access control, broken authentication and session management, cross-site scripting (XSS) flaws, buffer overflows (if source code was located), improper error handling, insecure storage, denial of service, insecure configuration management, proper use of SSL/TLS, and anti-virus reliability checking.

These types of Gray Box assessments are performed to identify loopholes in the application from a security perspective. The overall aim of the assessment is to discover the vulnerabilities present in the user-facing platform that could pose an information security risk. There are a variety of excellent tools that can be used to seek out vulnerabilities and report the findings of the assessment. There are also companies that provide these assessments as a service, and it is highly recommended that you find out what any potential new software vendor does, and which tools it uses, to ensure its system is secure.

Purchasing new software applications goes beyond functionality, pricing, service, and reporting. How secure the system is should never be overlooked, and it is something you can find out. All you need to do is ask for and review the vendor's security assessment reports for its system, which will give you peace of mind and additional assurance that your patient data will be properly safeguarded.