Health care horror stories...and cures
Years ago, well before the acronym IoT fell from the lips of any technophile's lips, an industry practitioner told me a story that sounded like an urban legend. It went something like this:
An unfortunate soul who was set to testify against a hood, ended up in the hospital. While his overall prognosis was sound, he still needed to receive medication to regulate his heartbeats, which was carefully being administered to him through an automated IV system.
Once the band of baddies found out where their singing canary was recovering from his illness, so the tale goes, they opted for a more surreptitious means of dealing with him. Rather than putting out a traditional hit on the guy, they went in search of an executioner with some hacking chops. The black-hat hacker successfully breached the hospital's systems and increased the dosage of the unfortunate rat's medication, thereby swiftly taking care of the gang's problem. Without any credible (and living) witness, the case against the made guy was thrown out.
Now, in order to recount this narrative, one would assume investigators found out what really happened and so were able to pursue criminal charges in the end. While this sounded to me like just another interesting fable created to recount one more reason for average citizens not to get involved with the nefarious deeds of mobsters, it also seemed quite plausible.
Fast forward 10 years and here all of us are fretting over the many vulnerabilities and risks associated with the use of IoT devices, including the plethora of life-saving equipment used by our health care providers. The risks of physical harm executed through online intervention is all too real.
In this month's cover story, Contributing Reporter Alan Earls updates us on how far we've come in addressing the countless information security problems that have plagued hospitals for years. Notoriously behind financial and government players, the health care industry must step up (and fast) when it comes to addressing their steady stream of IT security risks. Yet, many professionals in the field who have been striving to do just that, have had their share of impediments – coming in the form of executive pushback, equipment-vendor apathy about vulnerabilities and lifecycle management of risks, lack of clarity from regulators, little investment in IT security planning and technologies, and so much more.
But that seems to be changing, as Earls reports in his piece. And, fortunately, dear reader, as our cover story is based on recent and verifiable happenings, interviews with myriad experts and only the facts, you should have no tall tales here. Nonetheless, if indeed some health care players and regulatory bodies are now taking information security requirements seriously, I, for one, still hope we're seeing the beginnings of a satisfying remedy.
Illena Armstrong is VP, editorial of SC Magazine.