
Today, Mayo Posts "How to Fend Off Phishing Attacks." What About Data Security?

10/5/2016 2:45 PM

My buddy Bill Siwicki of http://healthcareitnews.com (well, I know him because I've been reading his posts forever.  Maybe he will return the favor) posts a softball from the Mayo Clinic, "Gone phishin': Mayo Clinic shares tips for fending off attacks," detailing how they keep hackers from quite literally hacking users of Health IT software, or phishing.

Yes, it's about training and repetition and giving positive feedback when an employee identifies and reports a (fake) phishing attack.  We can't help you with that.  We are socially awkward geeks, so take Dr. Mark Parkulo's advice on the social side of security.  Conspicuous by its absence is what Mayo thinks about security on the data itself.  I think that phishing is about a tenth as prevalent as direct attacks because hacking software is what hackers do.  Phishing requires the hacker to step outside the shadowy computer world that has definite rules into the social world of people where you have to convince them to do something you want them to do.

So why did Dr. Parkulo and Mayo decide to ignore 90% of cyber security?  My guess is that they don't know much about it.  Most practices don't.  On Dec. 28, 2015, on the same site http://healthcareitnews.com, Bernie Monegain posted a list of the "10 most recent HIPAA breaches" that ALL happened in the first part of December.  Even worse, at the bottom of the article there is a slideshow detailing all the big data breaches for 2015 and after that a list of all 1683 known HIPAA data breaches for 2015 according to the U.S. Department of Health and Human Services Office for Civil Rights (OCR).


Clearly, doctors focus on the human side, as they should.  I keep crowing about security here, and have stated numerous times that nobody is getting into my database that doesn't shave my face in the morning (barbers don't generally shave me in the morning).  I assumed this would taunt hackers into finding some kind of hole they could exploit, but as I suspected, they can't.  Our sister company Sentia Health has securely published medical records to the internet in our Software as a Service (SaaS) Electronic Medical Records System (EMR) since 2009 and has never had a breach.  Our database uses its very structure to limit the records an authorized user can see to only the ones belonging to patients who call their location primary.  There are universal searches, as practitioners may need to see records outside of their particular practice, but that's only for non-primary practitioners with the oddball patient needing attention.

Each time a practitioner (or a patient) logs in he or she is issued a globally unique identifier (GUID) that is unique in the universe and identifies the confluence of that user and that user's session.  When the user logs out or gets timed out, that GUID is deleted.  The GUID must be supplied for every call to the database and the user is authenticated each time.  Even if the User ID and Password were somehow stolen and used to hack into the database, the hacker could only see the names of stored procedures, not even the table names, and wouldn't be able to execute those procedures and get any data.  I'm tempted to publish the User ID and Password here and let them try.  They still won't get anywhere. 

As for why Mayo and Dr. Parkulo didn't mention the other 90% of security, it's probably because they have had a couple of data breaches in recent memory as reported by the OCR.  Go to the link above (or here), click "Show Advanced Options" and type "Mayo" into the "CE / BA Name Search" text box.  You'll see what I mean.

I'm positive that if I tried to "doctor" that there would be great gnashing of teeth in the land and I would probably end up in prison.  So Doctors, leave the software to us programmers.

