At Techumen we recognize that health care providers have highly complex clinical and business processes. In turn, these core functions rely on a large, distributed computing and communications environment. We also recognize that the demands on computing for health care will be heightened as burgeoning new care areas like population health with its attendant large data sets, precision and genomic medicine, patient-driven care protocols, networked medical instrumentation, and telehealth become firmly entrenched in care-giving.
Ransomware is a malicious piece of software that encrypts a user's or company's files. Once the files are encrypted by an attacker, it is almost impossible for the victim to regain access to them without a "decryption" key that is held by the attacker or "file kidnapper". The "kidnapper" of the file(s) then demands a fee from the company to regain access to its own files. Typically, the attacker sets a short time span, usually 72 hours or less, for the infected user or entity to fork over a ransom. (Attackers do not like to leave digital trails and use temporary servers to accomplish their illicit activity.) The ransom is usually payable in Bitcoin, an anonymous currency increasingly popular with criminals. The hackers will display some sort of screen or webpage explaining how to pay to unlock the files.
We have conducted over 200 security risk assessments for providers of various sizes, from a multi‐state hospital chain to solo practitioners. One common theme that emerges from all of these assessments is that the return on investment (ROI) on information security products is lower than it could be. Simply stated, most health care providers are wasting limited resources to manage their information security.
This paper aims to explain why software security is fundamental and imperative to health IT transformation. With the recent passage of the Health Care Reform and the Health Information Technology for Economic and Clinical Health (HITECH) Acts, the nation has reason to be optimistic about significant positive change. The HITECH Act of 2009, in particular, sets the stage for vastly improved sharing of electronic health information. If it is successfully realized, we can expect better patient care, lower administrative costs, and less fraud and waste.