Hacker Calls Health Security "Wild West"

Erin McCann | HealthCare IT News | June 11, 2014

Kevin Johnson is a professional hacker -- albeit a self-described ethical one. As head of the security consulting firm Secure Ideas, his job involves probing into organizations' networks and applications to identify vulnerabilities. And what he sees in healthcare terrifies him.

Johnson, who will moderate a panel – "Frontline Perspective: Combating Cyber Crime in Healthcare" – at the HIMSS Media and Healthcare IT News Privacy and Security Forum June 16-17 in San Diego, has conducted tests for health insurance companies, hospitals and medical app companies. For the majority of them, he said, "security sucks."

In an alarming number of cyber attacks, for instance, organizations were completely unaware they had been hacked, according to a March FBI report. Some "3,000 organizations of all types, but very many of them medical related, the way they found out there was a problem with their network is they got a phone call from the FBI," said Johnson. "If the FBI is initiating your incidence response, you have a problem." Part of that problem pertains to perceptions of these healthcare organizations – in particular, many smaller hospitals...