May 17, 2020

Don't Overlook How Critical Patient Privacy Is

Health IT

Although your hospital makes the health of its patients a top priority, online privacy issues could harm your patients in other ways.

From medical records hacking to online security issues, there are a number of ways your patients' security can become compromised.

Here are just a few ways to protect your patients and your hospital from security threats.

Hacking Threats for Hospitals

If your hospital is taking a lax approach to its online security measures, there has never been a better time to tighten them. A growing number of cyber criminals are targeting hospitals and, more specifically, patient records.

Hackers aren't in it for the medical records, but they do want the personal patient information that goes along with those records.

When Community Health Systems was hacked in 2014, hackers stole addresses, phone numbers, and social security numbers from patients in over 200 hospitals in 29 states across the U.S.

Cybercrime is quickly becoming a problem in the U.S. health care system.

As this article explains, there are ways you can better protect your hospital's digital records while also easing patient apprehension about privacy issues.

Stay Up to Date with HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) continuously updates its security rules and regulations. These rules aren't in place to disrupt your hospital's digital livelihood, but rather strengthen its security measures.

HIPAA has compliance standards that it encourages every hospital in the United States to follow. By keeping your staff trained on the latest HIPAA compliance requirements, you can ensure all necessary data security measures are being taken.

Install the Latest Antivirus Software

This probably goes without saying, but it's surprising how many hospitals and clinics across the country neglect their security software. Downloading antivirus and anti-malware software is one thing, but keeping it updated is something else entirely.

Hackers come up with new ways to breach even the most updated security programs available. By continuously updating your security software with the most recent downloads available, your hospital can fend off attacks and keep hackers at bay.

Stop Using Unsupported Operating Systems

Operating systems change all the time, especially in the medical world. The problem with this scenario is, once an operating system is replaced with a new edition, the support for the old system usually falls by the wayside.

This includes active security updates.

If your hospital is using an out-of-date operating system, it's time to upgrade to the most recent edition. Doing so will provide you with the most current safety features the operating system provides.

Avoid Using Social Security Numbers for Identity Purposes

If your hospital uses its patients' social security numbers as a primary form of identification, it's time to stop. Social security numbers are the top prize for hackers and they will stop at nothing to gain access to them.

Using other identification codes for patient records, such as unique 5- to 10-digit numbers or a combination of the patient's first and last name, will attract less attention from the hacking world.

If the social security number is a necessity, try getting by with the last 4 digits. Stolen social security numbers will cause major issues for your hospital and its patients.
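The following added example (not part of the original article) shows one way to apply this section: each patient gets a random 5- to 10-digit identifier, and only the last 4 digits of the SSN are stored. The function names, the Luhn check digit and the keyed-hash match token are assumptions that go beyond the text; the sample SSN is constructed and invalid.

```python
import hashlib
import hmac
import re
import secrets

def luhn_check_digit(digits: str) -> str:
    """Return the Luhn check digit for a string of decimal digits."""
    total = 0
    # Walk right to left, doubling every second digit starting with the rightmost.
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def new_patient_id(length: int = 10) -> str:
    """Random patient ID of 5 to 10 digits; the last digit is a check digit."""
    if not 5 <= length <= 10:
        raise ValueError("length must be between 5 and 10 digits")
    body = "".join(secrets.choice("0123456789") for _ in range(length - 1))
    return body + luhn_check_digit(body)

def is_valid_patient_id(pid: str) -> bool:
    """Reject mistyped IDs before they reach a record lookup."""
    return pid.isdigit() and 5 <= len(pid) <= 10 and luhn_check_digit(pid[:-1]) == pid[-1]

def reduce_ssn(ssn: str, match_key: bytes) -> dict:
    """Keep only the last 4 digits plus a keyed hash for duplicate matching."""
    digits = re.sub(r"[\s-]", "", ssn)
    if not re.fullmatch(r"\d{9}", digits):
        raise ValueError("SSN must contain exactly 9 digits")
    token = hmac.new(match_key, digits.encode(), hashlib.sha256).hexdigest()
    return {"ssn_last4": digits[-4:], "ssn_match_token": token}

def register_patient(name: str, ssn: str, match_key: bytes) -> dict:
    """Build the stored record; the full SSN is never persisted."""
    record = {"patient_id": new_patient_id(), "name": name}
    record.update(reduce_ssn(ssn, match_key))
    return record

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # assumption: kept outside the records database
    print(register_patient("Jane Doe", "000-12-3456", key))  # constructed, invalid SSN
```

The match token lets registration staff detect an existing patient without the database holding the full number, provided the key is stored separately from the records.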

When it comes to keeping your patients safe, don't overlook the security measures above.

About the author: Adam Groff is a freelance writer and creator of content. He writes on a variety of topics including personal health and online security.

Jun 17, 2021

Peloton vulnerable to cyber attacks, McAfee research finds

Software security experts at McAfee discovered that Peloton exercise bikes were vulnerable to cyber attacks, an issue the company has since resolved

Peloton's popular exercise bikes were found to be vulnerable to cyber attacks in the latest research from McAfee.

Peloton is a brand of electric bikes that combines high-end exercise equipment with cutting-edge technology. Its products use Wi-Fi to connect to a large tablet that interfaces with the components of the exercise device and provides an easy way for physical activity enthusiasts to attend virtual workout classes over the internet several times a week.

Peloton has garnered attention recently around the privacy and security of its products. So McAfee decided to take a look for themselves and purchased a Peloton Bike+.

The problem

Researchers looked at the Android devices and uncovered a vulnerability that could allow an attacker with either physical access to the Bike+, or access at any point in the supply chain, to hack into the bike's tablet, including the camera, microphone and personal data.

For the person using it there would be no indication the Bike+ has been tampered with, potentially putting Peloton’s 16.7 million users at risk.  

The flaw was found in the Android Verified Boot (AVB) process. McAfee researchers were able to bypass the Android Verified Boot process, which normally verifies all code and data before booting. They were then able to get the device to boot bypassing this step. 

This could potentially lead to the Android OS being compromised by an attacker who is physically present. Even worse, the attacker could boot up the Peloton with a modified credential to gain privileges, granting them access to the bike remotely. 

As the attacker never has to unlock the device to boot it up, there would be no trace of their access on the device. This type of attack could also happen at any point from construction to warehouse to delivery, by installing a backdoor into the Android tablet without the user ever knowing. 

The solution

Given the simplicity and criticality of the flaw, McAfee informed Peloton while auditing was ongoing. The vendor was sent full details, and shortly after, Peloton confirmed the issue and released a fix for it.

Further conversations between McAfee and Peloton confirmed that this vulnerability had also been present on the Peloton Tread exercise equipment.

Peloton’s Head of Global Information Security, Adrian Stone, commented on the research: “This vulnerability reported by McAfee would require direct, physical access to a Peloton Bike+ or Tread. Like with any connected device in the home, if an attacker is able to gain physical access to it, additional physical controls and safeguards become increasingly important.

“To keep our members safe, we acted quickly and in coordination with McAfee. We pushed a mandatory update in early June and every device with the update installed is protected from this issue.”
