Hacking Electronic Health Records - InformationWeek

12/5/2013
08:00 AM

Hacking Electronic Health Records

How a dangerous security flaw discovered in one of the most pervasive electronic medical record platforms in the U.S. was found and fixed before it could do damage.

Graduate student Doug Mackey was starting to wonder whether his research on the security of one of the nation's most ubiquitous electronic health records (EHR) software platforms was so interesting after all. A month of poking around for vulnerabilities in the simulated EHR system he had fashioned in a makeshift lab in his apartment hadn't turned up anything out of the ordinary in the code.

But then one day this spring, he spotted something in a second interface he was testing that shocked him: "It was very quickly obvious that it had no real security at all," says Mackey, a student in Georgia Tech's information security program. "I was quite surprised."

Mackey had discovered a major logic flaw in a key component of the code in the so-called VistA (Veterans Health Information Systems and Technology Architecture) software, a platform originally built by the U.S. Veterans Administration for internal use at its hospitals and clinics, and later handed over to the open-source community to further its development and adoption across the entire health-care industry. It's one of the most widely adopted EHR platforms in the country, used by VA and commercial hospitals and clinics, and it has also gained some traction overseas.

Read the rest of this article on Dark Reading.

Comments
TerryB,
User Rank: Ninja
12/5/2013 | 1:49:58 PM
Re: More security needed
Yeah, 3rd party, middleware security solutions are the answer. Sure they are.

Go watch the old movie The Net and then come back and post some more on this. And, no, don't post about how Sandra Bullock is the hottest programmer ever, if her character was real.
JABUSAMRA208,
User Rank: Apprentice
12/5/2013 | 9:55:43 AM
Re: hack
Good question, David. In the case of DrFirst, they've brought in some big guns from the medical and technology fields, but your question is very valid.
David F. Carr,
User Rank: Author
12/5/2013 | 9:41:13 AM
Re: hack
This one was a government IT system and one that's been around for a while. I wonder if commercial products would be more or less vulnerable.
JABUSAMRA208,
User Rank: Apprentice
12/5/2013 | 9:07:20 AM
More security needed
With the proliferation of electronic health records, we will unfortunately be seeing more of these stories. Security will become increasingly important in the recording, storing and transferring of information. The private sector is becoming more attentive to this area, with companies like DrFirst providing robust solutions for securing not only health care information, but also for the communication among health care providers.
Ariella,
User Rank: Author
12/5/2013 | 8:57:52 AM
hack
This one was caught, but it does make you wonder about all the vulnerabilities that were not spotted before a hacker makes use of them.