According to a recent study by the Washington Post, health care is "among the most vulnerable industries in the country."
Avi Rubin, technical director of the Johns Hopkins University Information Security Institute (JHUISI), told the Post, "I have never seen an industry with more gaping security holes. If our financial industry regarded security the way the healthcare sector does, I would stuff my cash in a mattress under my bed."
"The Post is hardly the first to flag security as a growing problem for healthcare -- a study earlier this month from the Ponemon Institute and ID Experts found that a third of health organizations polled don’t have the technology, budget or trained personnel to handle contemporary security challenges," writes GigaOM's Ki Mae Heussner. "But the article detailed several anecdotes indicating that while the industry is trying to deal with the problem, its culture and technology are behind the times."
"In one instance, the University of Chicago managed patient care through an unsecured Dropbox [account] with one username and password made readily available online," writes TechNewsDaily's Ben Weitzenkorn. "In another, a researcher easily took over an electronic medicine cabinet via his Web browser. Rubin said the industry is generally remiss in fixing known security flaws and has a culture that favors convenience over even basic security protocols such as passwords."
"Compared with financial, corporate and military networks, relatively few hacks have been directed at hospitals and other medical facilities," writes The Washington Post's Robert O'Harrow Jr. "But in recent months, officials with the Department of Homeland Security have expressed growing fear that health care presents an inviting target to activist hackers, cyberwarriors, criminals and terrorists."