Editor
Current FBI Director James Comey said to cover your laptop camera. Mark Zuckerberg covers his too, as well as his laptop speakers. And the recent WikiLeaks news made me wonder: how concerned should I be about getting hacked?
I’m pretty sure that I’m not important enough to have my laptop, cellphone, or smart TV hacked. I mean, if someone wants to watch me lie on the couch, eat candy, and watch Netflix for five hours, I’d be surprised.
However, after listening to stories from industry leaders at HIMSS2017, I realized the potential for breaches that could and do happen in the healthcare industry. We should all be concerned.
No one wants to have their identity stolen, including me. David Finn said in the Symantec survey on page 12, “That’s really what security in the provider setting is: it’s taking care of your patients.” I’d like to think that the doctors’ offices I visit have my best interest at heart and have the right security protocols in place, but I can’t be too sure. We’ve been told to ask whether they washed their hands, but it’s never occurred to me to ask them about their part in protecting my electronic health records (EHRs). And honestly, I’m not sure the answers I’d get would comfort me. I can say with absolute certainty that no doctor, or other staff member at an office, or even a member of a hospital staff has ever discussed their security measures with me. Should they be? I don’t know, but perhaps as a patient, it’s time to start a dialogue so as a consumer I can be sure that my EHRs aren’t at risk.
Most security breaches in the healthcare industry, and of course others, have been internal. But I’m afraid that won’t be the case anymore. What’s even scarier is the potential for outside hackers to start taking this to the next level. How are medical facilities protecting themselves from being watched through one of their computer cameras or TVs? After the WikiLeaks debacle, I’m curious to see next time I head to an appointment if any of the cameras that are sitting around in the exam rooms are covered. Now that we know that it’s completely possible we are being watched, will public figures and those in the spotlight be more careful about what they discuss in a medical setting? And what happens if an important figurehead has their pacemaker hacked? Or an important device in the operating room is tampered with?
Security was an important topic at HIMSS. Frank Abagnale, the 40-year veteran of the FBI on forgery, fraud, and embezzlement and self-described conman whose story was made into the film Catch Me if You Can, spoke there.
“Every breach occurs because someone in that company did something they were not supposed to do or because someone in that company failed to do something they were supposed to do,” Abagnale said. “There is not a master hacker sitting in Russia who will get through the company. The hacker will say, ‘I am not getting into JP Morgan Chase because they spend a fortune every year on cybersecurity, but they employ 200,000 people worldwide, so all I am looking for is one of those people who failed to do something they were supposed to or did something they were not supposed to do.’”
To err is human, as they say. I think the real answer is better training in healthcare facilities about security. If everyone employed at a physician’s office, for example, were educated on the dangers of a breach and the consequences it could cause, perhaps it would lead to each and every member of a staff being more vigilant about cybersecurity.
As the new editor for HMT, I welcome your feedback at [email protected].