Tuesday’s Washington Post issued a dire warning to the American medical sector: The healthcare industry is now more vulnerable to hacking than nearly any other industry. Over the past few years, medical records and other vital medical information has been migrating online as hospitals and other providers look for ways to improve efficiency and cut costs. These are worthy goals, but as the Post notes, efforts to improve the security of these electronic records have failed to keep pace with the scramble to put them online:
Rubin has documented the routine failure to fix known software flaws in aging technology and a culture in which physicians, nurses and other health-care workers sidestep basic security measures, such as passwords, in favor of convenience.
Another researcher found that a system used to operate an electronic medicine cabinet for hospital prescriptions in Oklahoma could be easily taken over by unauthorized users because of weaknesses in the software interface.
OpenEMR, an open-source electronic medical records management system that is about to be adopted worldwide by the Peace Corps, has scores of security flaws that make it easy prey for hackers.
The University of Chicago medical center operated an unsecure Dropbox site for new residents managing patient care through their iPads, using a single user name and password published in a manual online.
Fortunately, attacks on this vulnerable infrastructure have been extremely rare thus far. But with gaping vulnerabilities like those described above, we cannot expect these networks to go undisturbed for long.
We tend to think of our healthcare needs in brick-and-mortar terms: more hospitals, more doctors, more machines. This is a mistake. Increasingly, the core of our system will be information.
Creating appropriate legal frameworks for the collection, organization, analysis and appropriate use of this information while protecting individual privacy is a herculean but vitally necessary task that, if done well, can improve our health and cut our health care costs.
Yet the infostructure of health care is not getting anywhere near the attention it needs. We’re beginning to see some of the costs of failure.