My hand began to throb as the blood returned back to my fingers. I looked down at my wife’s face, which began to relax as her contractions eased. “Please fill out all the highlighted areas and someone will be with you momentarily,” the admission clerk said to me. With the exception of giving up my first-born’s blood I gave them everything they needed in order for the hospital to deem us qualified, such as my address, phone number, SSN, insurance numbers, my employer’s name and address, my email, and both of our driver’s license numbers. Once completed, the clerk took all of the paperwork from my hands and began placing them all onto a printer-scanner to be inputted into my wife’s record. With a touch of a button the information feed into the machine as my entire wife’s and my data flowed throughout the hospital’s network. The clerk bent down to affix the wristband on my wife and with one click we both smiled, as we knew we were embarking on unknown journey. Meanwhile, 10,000 miles away the computer screen flashed notifying of incoming email. The tech moved his mouse over to open the message. With one click all the information of Mr. and Mrs. Bean was captured.
The Printer and Scanner
The media is full of stories where innocent victims fall prey to hackers at every corner. In fact, 40.8 million patients have been affected by these large data breaches only to find that this is the tip of the iceberg of what is yet to come with no protection in sight. While heal
thcare facilities are aware of these threats, many in healthcare IT lack the expertise needed in order to analyze or even solve the simplest chink in their facilities armor. One such overlooked access point is the commonly used wireless printer and scanner. After all, these machines often handle sensitive documents and information as well as provide easy access to a hospital network system. Since most health care facilities overlook this common technology by the time this breech is detected, the damage has already left its carnage for the patient to clean up months to even years after their hospital admission.
It’s time for healthcare facilities to take printer security seriously
The printer and scanner usually costs under $200 dollars so it is easily purchased with little to no red tape involved. However, once a unit is connected to the hospital network it is usually never monitored again. Hackers love these access points because most are not usually password protected especially in older models. Furthermore, if your printers have access via the Internet, a hacker can have limitless access and jumping off points to your networks, by simply rerouting anything that is printed faxed or scanned. Hackers can also send bizarre print jobs, or change its LCD readouts, disrupt service, or even install malware.
So the million-dollar question is why should patients’ trust us with their valuable information when we continue to prove that our systems and personnel lack the ability to safeguard any and all information that is currently being stockpiled?
We Owe It To Our Patients
The first order of business it to admit that we have built systems that can be compromised and that cyber criminals are the expert for identifying and taking advantage of any gaps within our system. Next, each facility should reallocate resources and hire a company whose expertise lies in security assessment. Some of the tops in the field are:
Core Insight Enterprise, Core Security
Redspin, An Auxilio Company
QualysGuard Vulnerability Management, Qualys Inc.
These companies provide testing of the facilities data access points, they identify vulnerabilities, they help to develop action plans and policies, and finally they help prioritize a winning strategy in order to help prevent any data breeches in the future. Remember while we are the experts in providing healthcare to our patients, these companies are the leading experts in monitoring and preventing our patients personal information from getting into the wrong hands.