Arik Hesseldahl

Recent Posts by Arik Hesseldahl

Medical Data Is the Next Target for Hackers in 2013

hackers_ver1 cropThe next great target for hackers and digital troublemakers in 2013 is health care records. According to a long report in the Washington Post and based in part on research by the Information Security Institute at Johns Hopkins University, despite numerous technology standards written into federal regulations, the many ways that health care professionals access health information about their patients are riddled with holes.

In one case documented by the Post, residents at the University of Chicago Medical Center used a shared folder on Dropbox that allowed them to access patient records on their iPads. In another, OpenEMR, an open-source medical records system that had been adopted agency-wide by the Peace Corps, was found to have numerous flaws that opened it to attacks by hackers. Many of the weaknesses found were described as being pretty basic — or as one source quoted in the story put it, “security 101.”

Part of the problem is that the last government guidelines on this issue were published in 2005, and thus aren’t up to speed with what are now considered everyday practices.

More troubling than the vulnerabilities — which expose only the potential for an attack — are the anecdotal bits of evidence that attacks are actually taking place. At the Department of Veterans Affairs, there were nearly 200 instances of medical devices infected with malware between 2009 and 2011. In another case, a server in Utah storing Medicaid data on nearly 800,000 people was attacked earlier this year. The attack was traced to a server in Eastern Europe, though as is always the case with these things, it’s impossible to know exactly where the person carrying out the attack was situated.


Latest Video

View all videos »

Search »

I think the NSA has a job to do and we need the NSA. But as (physicist) Robert Oppenheimer said, “When you see something that is technically sweet, you go ahead and do it and argue about what to do about it only after you’ve had your technical success. That is the way it was with the atomic bomb.”

— Phil Zimmerman, PGP inventor and Silent Circle co-founder, in an interview with Om Malik