The discussion around healthcare security usually centers on concerns about privacy and the need to secure patient data. But research from one infosec consultancy finds that in the haste to comply with increased regulations and rules for protecting patient information, hospitals are overlooking security holes when it comes to human health.
Vulnerabilities in health equipment, both active (for example, pacemakers), and passive (e.g., vital-sign monitors), mean that hackers could potentially harm (or kill) a patient staying at a healthcare facility. With many security teams at hospitals understaffed and looking for resources, this has the potential to be a large problem that may take years to fix.
In the latest episode of Security Sessions, I spoke with Ted Harrington from Independent Security Evaluators. The consulting and research firm recently conducted a two-year study that looked at a wide variety of security issues that hospitals face, and the results are eye opening.
Among the highlights of the video, which you can watch below, are the following sections:
1:02 An overview of the “Securing Hospitals” study
2:50 Why patient health security isn’t being safeguarded compared with patient data and privacy.
05:51 If a hacker hasn’t accomplished this yet, are we just spreading fear, uncertainty and doubt?
07:30 In what areas are hospitals falling short, and why do those shortcomings exist?
10:00 Plans and recommendations for health care groups on how to be more pro-active on the issue.