Healthcare IT Security

July 26, 2006

Problems with software security cause problems for Georgetown University Hospital

Filed under: Health Informatics, Privacy, Security — healthcaresecurityguy @ 11:50 pm

According to wired another software has caused a leakage of information of patients, this time it was the turn of InstantDx from Maryland-based e-prescription firm. Yet another step in the hard way ahead.. lessons learned hopefully.


July 5, 2006

The(Doctor )is logged in …

Filed under: Health Informatics, Medical Informatics, Privacy, Security, Software Engineering — healthcaresecurityguy @ 1:36 am

Business week last week contained an article on telemedicine. Its not first time this has cropped up in books “The world is flat” too has similiar references. As with any services in knowledge economy the work tends to float towards where there is cheap labour. It appears to me that there are a few things that mihgt have been overlooked. For starters that would be the privacy of the patient. Yet another one would be the threat to which the patient is exposed due to bugs in software. How about security of the software, it would be an interesting target for anyone from petty criminals to intelligence agencies….the rest is left to your imagination. I am sure inspite of all the risks this sector would grow..

June 29, 2006

Yet another loss of hardware with confidential data

Filed under: Privacy, Security — healthcaresecurityguy @ 11:01 pm

Personally identifiable information of more than 2.2 million active personal of US seems to have been leaked worse still apparently the hardware does have information on 26.5 million veterans. It would be very interesting to note if this happens to US military what can happen to health records? Does the solution lie with better policies or with technical solutions like trusted storage initiative which is a part of trusted computing intiative.

June 27, 2006

PET 2006

Filed under: Cryptography, Medical Informatics, Privacy, Security — healthcaresecurityguy @ 10:50 pm

Privacy Enhancing Technologies Workshop is going to be held in Cambridge. One of the speakers dropped by to give a presentation on Protecting Privacy with the MPEG-21 IPMP Framework. Interesting thought DRM framework used for providing privacy :-). I guess the key here is what is the driving force, is it the economic forces or need for privacy. One thing is clear, objectives of DRM and providing privacy are different. Interesting intiative..end result ..well wait and see…

June 18, 2006

NHS IT program in news again

Filed under: Health Informatics, Medical Informatics, Privacy, Security — healthcaresecurityguy @ 1:26 am

NHS and its overpriced overdelayed IT program has come to public attention again for the wrong reasons. Interestingly enough, in a country where ID cards caused so much heated debate, this has remained under the radar. All major IT projects in UK have failed in the past, this is very well known. The patient data of millions of NHS patients would be put into an untested system. The implications of it are to be seen. The price which NHS patients would ultimately might have pay might be those of thier lives only time could tell.

June 9, 2006

UK government interested in security and privacy of patient data ?

Filed under: Health Informatics, Medical Informatics, Privacy, Security — healthcaresecurityguy @ 12:22 pm

 I happened to attend Trustguide workshop, an intiative by industry and goverment of UK ( DTI). The feed back from this supposed to go back to folks who make policies, interestingly enough we were asked what do u think about NHS IT. The folks in the room, mostly Phd students in ISG didnt seem to think it was a great idea. And the mediator/presentor seems to think the same. Hope the voices of concern reach someone in power who cares about this.

May 8, 2006

Hacking health

Filed under: Health Informatics, Medical Informatics, Security — healthcaresecurityguy @ 1:22 am

An interesting talk on Electronic Patient Records in The Netherlands. The bittorrent to the whole lecture is available so is the slides, very interesting observations from who doenot claim expertise on either healthcare or security.

March 31, 2006

Analysis of the Linux Random Number Generator

Filed under: Cryptography, Open-Source, Security — healthcaresecurityguy @ 11:49 am

An interesting analysis of random number generator. Good to know what you get in linux…I am wondering if there exists a similiar one that exists for Windows and other operating systems. The bottom line in the paper is the fact that when /dev/random was thought of they were not thinking about security 🙂

March 17, 2006

Open Source vs. Commercial Software in healthcare

Filed under: Health Informatics, Medical Informatics, Security — healthcaresecurityguy @ 12:29 am

I had posted my thoughts on open vs commercial software in healthcare. I found an interesting post in Healthblog,you could guess, where the blog is from. Interestingly enough there is reference to security of Vista EMR ( look who is talking ). Assuming that level of security provided remains at current levels, I would be suprised if there are no serious implications to privacy and security if a transition to so called commercial OS and applications.

March 16, 2006

How about computer viruses infecting you ?

Filed under: Health Informatics, Medical Informatics, Security — healthcaresecurityguy @ 3:40 pm

An interesting post on slashdot set me thinking. RFID’s are used in medical procedures, what would that mean, computer viruses infecting humans ( with RFID’s). The acceptance of RFID’s has raised few eyebrows regarding privacy more interesting events may be on the horizon

Older Posts »

Create a free website or blog at