“Security gaps leave patient records exposed,” reported Ricardo Alonso-Zaldivar of Associated Press.

In the article, the inspector General of the Health and Human Services released two reports that find that the drive to connect hospitals and doctors so they can share patient data electronically is being layered on a system that already has glaring privacy problems. Connecting it up could open new pathways for hackers.  This report resulted from an audit performed by the Government of seven hospitals that resulted in a staggering 151 security vulnerability weaknesses.

“The list of vulnerabilities read like a road map for hackers,” said Ricardo Alonso-Zaldivar.  Some of the vulnerabilities include inadequate password requirements, computers that did not automatically log off inactive users, unencrypted laptops that contained patient data, problems with wireless access that included the inability to detect unauthorized intrusion, lack of continuous monitoring, and even the absence of a firewall separating wireless from other internal networks.  A very common problem amongst the seven hospitals was the slow updating of their computer software to defeat known security bugs.

The full article can be read at: http://on.msnbc.com/lK4by2

The seriousness of protecting online records has come to light in recent reports such as the two released by the inspector General of the Health and Human Services.  Why would anyone want to get a hold of patient data? Just like any other record out there, there is valuable information such as names, date of birth, address, and social security numbers.  This information makes it possible for any hacker to steal a patient’s identity and expose sensitive information.

Implementing best practices through multiple layers of security protection helps to protect online records.  One such practices is to implement a least privileges environment, where administrator rights are removed from the end users, and policies and application level processes are managed using a privilege management solution. Viewfinity Privilege Management has helped EagleMed LLC manage administrator rights at the endpoint – for both in-house PCs and mobile laptops.  EagleMed LLC takes protecting patient data seriously.  According to Ryan Kane, Systems Engineer for EagleMed LLC, “The bigger gain was the ability to lock down our PCs and use Viewfinity Privilege Management to manage administrator rights. By locking down the machines, we prevent the sharing of patient data and we’re also mitigating the security risks introduced through malware.  This will have a very positive impact with the auditors. From an IT perspective, staff now only has access to do what they’re required to do.”

Read the full EagleMed Case Study.