Consequences of Windows XP End of Life on the Healthcare Industry

The healthcare industry is a dynamic and high-pressure field that relies heavily on information technology (IT) for patient care delivery and health record management. However, the industry's pace and missions make maintaining a robust cybersecurity posture difficult. Specifically, Microsoft's retirement of Windows XP (April 8, 2014) has posed difficult challenges for the healthcare industry. With increased reliance on computer-controlled medical devices and electronic record systems, the healthcare industry has dramatically increased its cybersecurity attack surface over recent years without commensurately increasing IT budgets.1

IT Malpractice: Doc Operates on Server, Costs Hospitals $4.8M

Two hospitals recently violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules when a physician attempted to deactivate a personal computer from the hospitals’ shared network. As a result, the servers on the network, as well as the security settings, were deactivated, leading to the disclosure of patients’ electronic Protected Health Information (ePHI).1 In general, healthcare organizations are vulnerable to this type of incident because of the prevalence of partnerships with other entities, including hospitals, research institutions, physicians, insurance companies, etc. The goal of such partnerships is a shared commitment to promote healthy communities through disease prevention, treatment, and education; to meet this goal, partners collaborate by sharing ePHI and network resources. This document discusses the consequences of inadequate network security in hospitals, the lessons learned from the data breach incident, and the need for training healthcare workers to mitigate future incidents.