
Today, Mayo Posts "How to Fend Off Phishing Attacks." What About Data Security?

10/5/2016 2:45 PM

My buddy Bill Siwicki of (well, I know him because I've been reading his posts forever. Maybe he will return the favor) posts a softball from the Mayo Clinic, "Gone phishin': Mayo Clinic shares tips for fending off attacks," detailing how they keep hackers from quite literally hacking users of Health IT software, or phishing.

Yes, it's about training and repetition and giving positive feedback when an employee identifies and reports a (fake) phishing attack. We can't help you with that; we are socially awkward geeks, so take Dr. Mark Parkulo's advice on the social side of security. Conspicuous by its absence is what Mayo thinks about security on the data itself. I think that phishing is about a tenth as prevalent as direct attacks because hacking software is what hackers do. Phishing requires the hacker to step outside the shadowy computer world that has definite rules into the social world of people, where you have to convince them to do something you want them to do.

So why did Dr. Parkulo and Mayo decide to ignore 90% of cyber security? My guess is that they don't know much about it. Most practices don't. On Dec. 28, 2015, on the same site, Bernie Monegain posted a list of the "10 most recent HIPAA breaches" that ALL happened in the first part of December. Even worse, at the bottom of the article there is a slideshow detailing all the big data breaches for 2015 and, after that, a list of all 1683 known HIPAA data breaches for 2015 according to the U.S. Department of Health and Human Services Office for Civil Rights (OCR).

Clearly Doctors focus on the human side, as they should. I keep crowing about security here, and have stated numerous times that nobody is getting into my database that doesn't shave my face in the morning (barbers don't generally shave me in the morning). I assumed this would taunt hackers into finding some kind of hole they could exploit, but as I suspected, they can't. Our sister company Sentia Health has securely published medical records to the internet in our Software as a Service (SaaS) Electronic Medical Records System (EMR) since 2009 and has never had a breach. Our database uses its very structure to limit the records an authorized user can see to only the ones belonging to patients who call their location primary. There are universal searches, as practitioners may need to see records outside of their particular practice, but that's only for non-primary practitioners with the oddball patient needing attention.

Each time a practitioner (or a patient) logs in he or she is issued a globally unique identifier (GUID) that is unique in the universe and identifies the confluence of that user and that user's session.  When the user logs out or gets timed out, that GUID is deleted.  The GUID must be supplied for every call to the database and the user is authenticated each time.  Even if the User ID and Password were somehow stolen and used to hack into the database, the hacker could only see the names of stored procedures, not even the table names, and wouldn't be able to execute those procedures and get any data.  I'm tempted to publish the User ID and Password here and let them try.  They still won't get anywhere. 
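The session scheme described above, together with the location scoping from the previous paragraph, can be modelled in a few lines. This is an added example, not Sentia Health's code: the schema, function names, sample rows and the 15-minute idle timeout are all assumptions, and SQLite stands in for the real database, so the stored-procedure permission model is not shown.

```python
import sqlite3
import time
import uuid

IDLE_TIMEOUT = 900  # seconds; assumed, the post gives no timeout value

def make_db():
    # Constructed schema and rows, for illustration only.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, location_id INTEGER);
        CREATE TABLE sessions(guid TEXT PRIMARY KEY, user_id INTEGER, last_seen REAL);
        CREATE TABLE patients(id INTEGER PRIMARY KEY, name TEXT, primary_location_id INTEGER);
        INSERT INTO users VALUES (1, 'dr_a', 10), (2, 'dr_b', 20);
        INSERT INTO patients VALUES (1, 'P. One', 10), (2, 'P. Two', 20), (3, 'P. Three', 10);
    """)
    return db

def login(db, user_id, now=None):
    # Password check omitted. uuid4 is drawn from os.urandom: random, not just unique.
    guid = str(uuid.uuid4())
    db.execute("INSERT INTO sessions VALUES (?, ?, ?)",
               (guid, user_id, time.time() if now is None else now))
    return guid

def logout(db, guid):
    # Deleting the row invalidates the GUID for every later call.
    db.execute("DELETE FROM sessions WHERE guid = ?", (guid,))

def authenticate(db, guid, now):
    # Runs on every data call: resolve the GUID to a user or refuse.
    row = db.execute("SELECT user_id, last_seen FROM sessions WHERE guid = ?", (guid,)).fetchone()
    if row is None:
        raise PermissionError("unknown or ended session")
    if now - row[1] > IDLE_TIMEOUT:
        logout(db, guid)
        raise PermissionError("session timed out")
    db.execute("UPDATE sessions SET last_seen = ? WHERE guid = ?", (now, guid))
    return row[0]

def list_patients(db, guid, now=None):
    # The caller never names a location; it is derived from the session's user.
    now = time.time() if now is None else now
    user_id = authenticate(db, guid, now)
    rows = db.execute(
        "SELECT p.name FROM patients p "
        "JOIN users u ON u.location_id = p.primary_location_id "
        "WHERE u.id = ? ORDER BY p.id", (user_id,)).fetchall()
    return [r[0] for r in rows]
```

Because the location filter is derived from the session row rather than passed in by the client, a caller cannot widen its own scope by changing a request parameter.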

As for why Mayo and Dr. Parkulo didn't mention the other 90% of security, it's probably because they have had a couple of data breaches in recent memory, as reported by the OCR. Go to the link above (or here), click "Show Advanced Options" and type "Mayo" into the "CE / BA Name Search" text box. You'll see what I mean.

I'm positive that if I tried to "doctor," there would be great gnashing of teeth in the land and I would probably end up in prison. So Doctors, leave the software to us programmers.
