https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • MSP 501 Rankings
    • NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Channel Futures 20: Top Tech Providers
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • MSP 501 Rankings
    • NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Channel Futures 20: Top Tech Providers
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

MSSP Insider


Shutterstock

Data Leak

Epic HIPAA Fail: Over 1 Billion Medical Records Exposed Online

  • Written by Pam Baker
  • January 17, 2020
Millions of medical images are leaking onto the internet every day.

Repeated warnings from security researchers fell on deaf ears as doctors and hospitals ignored the risks and millions of medical images leaked onto the internet every day, according to a joint report by TechCrunch and health news site The Mighty. Researchers spent weeks notifying healthcare providers and institutions to no avail. It appears that even a massive HIPAA violation isn’t enough to make security a priority issue.

Comforte's Felix Rosbach

Comforte’s Felix Rosbach

“While it is not always possible to prevent malicious access, sophisticated data protection is a must when processing and storing sensitive information — especially PII and health care records. These are core requirements of data privacy regulations like HIPAA and GDPR, and there might be fines coming up for this,” said Felix Rosbach, product manager at data security company comforte AG.

Unfortunately, cybersecurity is given little priority in health care environments, despite heavy regulations pushing the need for it.

“Often, security compliance is managed as a subset of medical compliance, and therefore cybersecurity takes a back seat,” said Colin Bastable, CEO of security awareness and training company Lucy Security.

Knowledge gaps on how networks and systems work are contributing factors in security issues as well.

“Unfortunately, most of the medical world thinks it exists in isolation, in its own private cloud, which is clearly unrealistic. It often appears that most medical professionals don’t understand that so much information is globally accessible,” said Bastable.

“It’s no wonder health care tops the charts every year as the No. 1 at-risk sector for cybercriminals,” Bastable added.

The most common cause for medical image and data leakage is found in network configurations.

Juniper Networks' Mounir Hahad

Juniper Networks’ Mounir Hahad

“Generally speaking, in this kind of situation, it’s the configuration of the network which is at fault before anything else. No system handling sensitive data should be accessible from the internet without the need for a VPN or some strong authentication method. The DICOM protocol itself was developed a long time ago and did not take into consideration the implications of cybersecurity,” said Mounir Hahad, head of Juniper Threat Labs at Juniper Networks.

Some health care companies try to add security by moving to the cloud, often with mixed results.

“It is often the case when legacy applications are moved from fortified data centers into cloud environments that data leaks occur. Those applications and databases may not have the adequate security considerations to guarantee confidentiality of data; therefore, it is necessary to resort to technologies like secure software-defined networks to provide deployment security,” Hahad added.

MSSPs serving the health care industry clearly have their work cut out for them, not only in terms of adding layers of security and increasing educational efforts to include lessons on how medical data and images leak online, but in persuading the medical community to take a more comprehensive and less patchwork approach to security.

“Insecurity is compounded by the highly fragmented and outsourced nature of the U.S. health care landscape. The need for multiple parties to have prompt access to all medical data ensures that convenient access takes precedence over basic authentication and authorization security,” Bastable said.

Even so, health care isn’t that much different from other types of businesses, at least in terms of risk exposure.

“The massive amount of data sets combined with the number of freely accessible PACS systems that were configured in similar ways shows that protecting data still is a major challenge for organizations in all verticals,” said Rosbach.

Tags: MSPs Cloud and Edge MSSP Insider Network Security

Most Recent


  • IT Nation Secure Solutions Pavilion 2023 Feature
    IT Nation Secure Images: Solutions Pavilion with ThreatLocker, SentinelOne, Cisco, Trend Micro, More
    This week's Solutions Pavilion included a record number of exhibitors.
  • Cisco's Jeetu Patel on stage at Cisco Live 2023, Cisco Webex
    Cisco Webex Gets Generative AI Boost, AT&T Network Integration
    In the meantime, AT&T is targeting SMBs with a new self-service platform.
  • Imperva partner program redesigned with 3 tiers
    Imperva Partner Program Redesigned with 3 New Tiers
    Partners can engage in one of four go-to-market strategies.
  • Deep Instinct makes two hires
    Deep Instinct Names Leaders to Prioritize Cybersecurity Focused on Prevention
    The industry is at a tipping point with the rise of generative AI.

One comment

  1. Avatar Robert M January 21, 2020 @ 8:11 am
    Reply

    The practice of anonymizing data By design would help make such breached les critical.
    Data privacy and security by design is still lacking as we can see by the large data breaches in the press but higher awareness should help close the gap.

    On the political front the concept of pre-existing condition and differentiated health treatment needs to disappear and health insurance needs to change into a more standardized format based on a simple objective criteria like Age maybe with a small universal multiplier for smokers and obese people town outage a behavioral change with a small savings.

    Once there is no advantage of screening for savings the real focus goes to screen for prevention which would help society a lot more. Right now we got insurance all wrong and need to start looking at insurance more like a financial instrument to ensure our future health with prompter anf higher quality service.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • College classroom
    Community College Ransomware Attack Wreaks Havoc
  • White House
    White House to Private Sector SMEs: Get Serious About Cybersecurity
  • zero trust security
    Leveraging Partner Expertise to Build a Zero-Trust Strategy
  • Security Vulnerability
    Older Fortinet Vulnerabilities Lead to Attack on Local Government Office

Upcoming Events

View all

Channel Partners Europe

June 13, 2023 - June 14, 2023

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Channel Partners Conference & Expo

March 11, 2024 - March 14, 2024

Galleries

View all

Sorry Americas, EMEA Channel Partners Still Lead in Sustainability

June 8, 2023

Generative AI and Cloud: Google, Salesforce, Bessemer, BCG Chime In

June 7, 2023

IT Nation Secure Images: Solutions Pavilion with ThreatLocker, SentinelOne, Cisco, Trend Micro, More

June 7, 2023

Industry Perspectives

View all

Identity Is Increasingly Valuable – and Targeted

May 18, 2023

Gaining a Competitive Advantage through AV Managed Services

May 10, 2023

How to Build an Organization That Attracts and Retains Talent

May 1, 2023

Webinars

View all

From Problem to Profit: Mastering the Science of Selling Using Business Outcomes

May 9, 2023

Meet the 2023 Channel Futures Channel Influencers

April 13, 2023

DE&I Dialogue: How the Right DE&I Initiatives Can Propel Your Business

April 5, 2023

White Papers

View all

6 UCaaS Reseller Challenges and How Real World Businesses Solved Them

February 1, 2023

Frost Radar: North American UCaaS Market, 2022

February 1, 2023

The Complete Guide to White-Label UCaaS for Reseller Success

February 1, 2023

Channel Futures TV

View all

Coffee with Craig and James Episode No. 123: MartinWolf M&A Advisors, CP Expo Preview

UScellular Takes On Rivals with Partner Program Simplicity

April 21, 2023

OpenText Simplifying Deal Registration, Doubling Down on MDF

April 21, 2023

Everything-as-a-Service: CloudBlue Touts Critical Customer Transition

April 18, 2023

Twitter

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X