There's TOO MANY data-leaking healthcare firms, growls Symantec Security software company Symantec is being drenched in calls from breached health organisations that have lost devices or suffered an information security snafu. Some 80 per cent of the calls its incident response team has received since December are from healthcare firms, topping the charts for the number of breach incidents …
The security is atrocious because each hospital wants to do their own things and use whatever cobbled together solution they were before. There is no standardization and the budget to get everything to that point is razor thin (yet the executives all took in massive bonuses, go figure). The worst part is that I was hired as a consultant to set up a security monitoring tool because they hadn't had a working one for close to 10 years now so we don't even know what has happened (They were using RSA enVision, its a massive piece of crap).
The scary thing is that if you've ever been in a hospital whose name starts with "Saint", there is a decent chance of being treated by us...
Although what is ironic with this report is that most of the of the security issues we have are from Symantec Endpoint Protection not actually cleaning the malware it finds...
Anonymous because I don't want to get fired just as I've started getting their house in order.
And, on the face of it, I think I rather prefer it that way.
Okay, sure, patient data should be safeguarded and all that, I agree. But you can't really blame the staff for taking more care of patients than of their computers.
Yes, the situation has to change. I'm sure the orderly who is on his second 24-hour shift in a row would agree. I'm also sure that hospital management could do a lot better.
But let's face it, a hospital is a leaky dam at best, and everybody is running around trying to plug all the holes at once most of the time.
I'm not surprised that IT issues find themselves at the bottom of the stack.
However, people who integrate hospitals to abuse the system and sell off patient data should be jailed.
For a long time.
Okay, sure, patient data should be safeguarded and all that, I agree. But you can't really blame the staff for taking more care of patients than of their computers.
That's just silly. I would not expect the medical staff to handle IT support, but I would expect there to be dedicated IT staff. The medical staff should handle IT assets just as they would any other equipment and should have appropriate training to understand what to do with it. This includes how to safeguard patient records.
So much of what drives the medical field, at least in the US, is liability. Yes, hospitals are used to dealing with malpractice issues, but if they are hit with a series of sueballs because they failed to take reasonable measures with their data, I would expect the issue to ratchet up in importance in hospital execs' minds.
Oh, and "Healthcare organisations have about four times as many reported incidents as education, government, and finance sectors, which averaged around 30 each." FTFY.
Symantec need to get their own security in order. Every unique address email address I ever gave Norton (for NIS, 360, Ghost, Utilities etc) suddenly started getting loads of spam a few months ago. These were quite unique, obscure email addresses - some from 2005-2006. But of course, they deny any breach or theft and don't even seem to understand the problem (because 'they didn't send it').
That was an inside job. Someone or something collected and sold those addresses to spammers.
It might not have even been Symantec but your internet provider. You are right to use one time email addresses.
I never got any spam until I started using these very forums and now I get alot of Russian and English spam and I'm in the states, not Blighty. Bet there is an infected piece of kit somewhere at El Reg.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
