https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Services Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
    • Diversity, Equity & Inclusion
  • MSP 501
    • Back
    • MSP 501 Information Center
    • 2021 MSP 501 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2022 Editorial Calendar
  • Awards
    • Back
    • 2021 MSP 501
    • Circle of Excellence
    • DE&I 101
    • Top Gun 51
    • Channel Partners 101 (CP 101)
  • Events
    • Back
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Services Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
    • Diversity, Equity & Inclusion
  • MSP 501
    • Back
    • MSP 501 Information Center
    • 2021 MSP 501 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2022 Editorial Calendar
  • Awards
    • Back
    • 2021 MSP 501
    • Circle of Excellence
    • DE&I 101
    • Top Gun 51
    • Channel Partners 101 (CP 101)
  • Events
    • Back
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

MSSP Insider


Shutterstock

Data Leak

Epic HIPAA Fail: Over 1 Billion Medical Records Exposed Online

  • Written by Pam Baker
  • January 17, 2020
Millions of medical images are leaking onto the internet every day.

Repeated warnings from security researchers fell on deaf ears as doctors and hospitals ignored the risks and millions of medical images leaked onto the internet every day, according to a joint report by TechCrunch and health news site The Mighty. Researchers spent weeks notifying healthcare providers and institutions to no avail. It appears that even a massive HIPAA violation isn’t enough to make security a priority issue.

Comforte's Felix Rosbach

Comforte’s Felix Rosbach

“While it is not always possible to prevent malicious access, sophisticated data protection is a must when processing and storing sensitive information — especially PII and health care records. These are core requirements of data privacy regulations like HIPAA and GDPR, and there might be fines coming up for this,” said Felix Rosbach, product manager at data security company comforte AG.

Unfortunately, cybersecurity is given little priority in health care environments, despite heavy regulations pushing the need for it.

“Often, security compliance is managed as a subset of medical compliance, and therefore cybersecurity takes a back seat,” said Colin Bastable, CEO of security awareness and training company Lucy Security.

Knowledge gaps on how networks and systems work are contributing factors in security issues as well.

“Unfortunately, most of the medical world thinks it exists in isolation, in its own private cloud, which is clearly unrealistic. It often appears that most medical professionals don’t understand that so much information is globally accessible,” said Bastable.

“It’s no wonder health care tops the charts every year as the No. 1 at-risk sector for cybercriminals,” Bastable added.

The most common cause for medical image and data leakage is found in network configurations.

Juniper Networks' Mounir Hahad

Juniper Networks’ Mounir Hahad

“Generally speaking, in this kind of situation, it’s the configuration of the network which is at fault before anything else. No system handling sensitive data should be accessible from the internet without the need for a VPN or some strong authentication method. The DICOM protocol itself was developed a long time ago and did not take into consideration the implications of cybersecurity,” said Mounir Hahad, head of Juniper Threat Labs at Juniper Networks.

Some health care companies try to add security by moving to the cloud, often with mixed results.

“It is often the case when legacy applications are moved from fortified data centers into cloud environments that data leaks occur. Those applications and databases may not have the adequate security considerations to guarantee confidentiality of data; therefore, it is necessary to resort to technologies like secure software-defined networks to provide deployment security,” Hahad added.

MSSPs serving the health care industry clearly have their work cut out for them, not only in terms of adding layers of security and increasing educational efforts to include lessons on how medical data and images leak online, but in persuading the medical community to take a more comprehensive and less patchwork approach to security.

“Insecurity is compounded by the highly fragmented and outsourced nature of the U.S. health care landscape. The need for multiple parties to have prompt access to all medical data ensures that convenient access takes precedence over basic authentication and authorization security,” Bastable said.

Even so, health care isn’t that much different from other types of businesses, at least in terms of risk exposure.

“The massive amount of data sets combined with the number of freely accessible PACS systems that were configured in similar ways shows that protecting data still is a major challenge for organizations in all verticals,” said Rosbach.

Tags: MSPs Cloud and Edge MSSP Insider Network Security

Most Recent


  • Joint selling
    Tanium Unveils New Technology Partner Program for Joint Solutions
    Access to real-time endpoint data promotes zero-trust security.
  • Must See
    IBM, F5, Appgate, Axonius, CyberGRX Among 'Must-See' Vendors at RSA
    EMA said these vendors provide products and solutions that are some of the best in the industry.
  • Business building block growth
    So You Want to Build a Microsoft Practice? Here's What It Will Take
    “It's a labor of love, and it didn't happen overnight," Jim Campbell of Opkalla said.
  • Compliance Issues
    ConnectWise Enhances Innovation, Partner Experience with Additions to Leadership Team
    Todd Hale becomes ConnectWise CIO and Ciaran Chu will lead the innovation business unit as general manager, ConnectWise Control.

One comment

  1. Avatar Robert M January 21, 2020 @ 8:11 am
    Reply

    The practice of anonymizing data By design would help make such breached les critical.
    Data privacy and security by design is still lacking as we can see by the large data breaches in the press but higher awareness should help close the gap.

    On the political front the concept of pre-existing condition and differentiated health treatment needs to disappear and health insurance needs to change into a more standardized format based on a simple objective criteria like Age maybe with a small universal multiplier for smokers and obese people town outage a behavioral change with a small savings.

    Once there is no advantage of screening for savings the real focus goes to screen for prevention which would help society a lot more. Right now we got insurance all wrong and need to start looking at insurance more like a financial instrument to ensure our future health with prompter anf higher quality service.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • College classroom
    Community College Ransomware Attack Wreaks Havoc
  • White House
    White House to Private Sector SMEs: Get Serious About Cybersecurity
  • zero trust security
    Leveraging Partner Expertise to Build a Zero-Trust Strategy
  • Security Vulnerability
    Older Fortinet Vulnerabilities Lead to Attack on Local Government Office

Upcoming Events

View all

Channel Partners Europe

June 14, 2022 - June 15, 2022

MSP Summit

September 13, 2022 - September 16, 2022

Galleries

View all

IBM, F5, Appgate, Axonius, CyberGRX Among ‘Must-See’ Vendors at RSA

May 25, 2022

So You Want to Build a Microsoft Practice? Here’s What It Will Take

May 25, 2022

Cisco Hybrid Cloud Trends Report Indicates Important Uptake

May 25, 2022

Industry Perspectives

View all

Leverage Your MSP’s People Power

May 24, 2022

How SD-WAN Helps Secure the Expanding Network Perimeter

May 19, 2022

A Sneak Peek at the 2022 BrightCloud Threat Report

May 17, 2022

Webinars

View all

Simplifying SaaS Security for MSPs

April 27, 2022

How to Supercharge The Network to Support Your IT Superhero Moves

May 3, 2022

The 2022 MSP Challenge: Scale Service Delivery Despite the Talent Gap

April 21, 2022

White Papers

View all

Work Goes Remote – (and Other Top ITOps Trends)

May 25, 2022

The New Bottom Line: How MSPs Can Meet the Healthcare Crisis While Evolving Their Businesses

April 19, 2022

How to build a Security Operations Center (on a budget)

April 4, 2022

Channel Futures TV

View all

AT&T, Microsoft, Cisco, ThreatLocker on Unlocking Partner Potential

Agents Share ‘Secrets,’ Industry Opportunity

May 11, 2022

Vonage Addresses Potential Partner Opportunity via Acquisition by Ericsson

May 5, 2022

Lumen Technologies ‘Built for Growth and Scale’

May 4, 2022

Twitter

ChannelFutures

.@Tanium launches new Technology Partner Program. #endpointdata dlvr.it/SR3pvw https://t.co/5DL6gvTAhX

May 25, 2022
ChannelFutures

EMA's picks for must-see vendors at next month's @RSAConference: @AppGateSecurity, @AxoniusInc, @coalfire,… twitter.com/i/web/status/1…

May 25, 2022
ChannelFutures

Jim Campbell of @opkalla shared how the consultancy built a Microsoft gold partner CSP business in 18 months.… twitter.com/i/web/status/1…

May 25, 2022
ChannelFutures

.@Nable's new N-hanced Services empower partners to leverage N-able’s full breadth of experience and expertise, the… twitter.com/i/web/status/1…

May 25, 2022
ChannelFutures

Work Goes Remote – (and Other Top ITOps Trends) dlvr.it/SR3d06

May 25, 2022
ChannelFutures

.@ConnectWise adds two executives to its leadership team: Todd Hale as CIO and Ciaran Chu as GM of ConnectWise Cont… twitter.com/i/web/status/1…

May 25, 2022
ChannelFutures

.@Intuit vet joining @McAfee as its new president and CEO. #cybersecurity dlvr.it/SR3c0s https://t.co/GH5cJzTq8F

May 25, 2022
ChannelFutures

Verbal and written interactions contribute to the way we communicate and work with others. Join us tomorrow for a v… twitter.com/i/web/status/1…

May 25, 2022

MSSP Insider

Business advice for MSSPs and news from the broader security channel.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X