Recently Department of Defense has hacked into Health and Human Services website to check the website's vulnerability. Called by the name "Hack the Pentagon " bounty program was a good hit and had impact such that Health and Human Services has started to look at it .
HHS officials mentioned that DoD's recent bounty program paid bounties to hack into various systems to exploit cyber security issues in health care.
Lucia Savage , Chief privacy officer at HHS's office of the National Coordinator for health Information Technology, said that the practice showed whether HHS could meet scaled up health care needs.
Recently ethical hacking has been hot topic at the recent Federal Drug Administration workshop focussing medical devices and their vulnerabilities.
“This is a struggle for devices as well,” she said. “You can’t hack something in the field, because what if the hacker disrupts the operation of the device. Similarly, health data and EHRs, we may not want to have the hacker accessing your live data because that might cause other problems relative to your obligation to keep that data confidential.
“Given that space and given the need to improve cyber security, is there something that ONC can do to improve that rate at which ethical hacking occurs in health care?” savage said her office was working on plans to see how effectively applied to various medical devices sector.
“I think that this is a technique that has been found highly valuable in the rest of industry,” she said. “One of the things we are thinking about is how to get this to take root as a security hygiene process within the health care system.”
Dr. Dale Nordenberg, CEO of Novasano Health and Science and a Health IT standards committee member, said that hacking medical devices could prove difficult because every medical device is hackable, leaving weaknesses and solutions to be worked out with a litany of detail.
“The issue is that once a vulnerability is identified, the industry is highly resistant to exposing to the public that specific vulnerability because the manufacturer has to get engaged,” he said.
Savage added that her office and FDA are continuing to identify details like intellectual property issues and identifying who remedies a vulnerability, but with the Internet of Things and interoperability moving forward, these devices are becoming more interconnected.
HHS officials mentioned that DoD's recent bounty program paid bounties to hack into various systems to exploit cyber security issues in health care.
Lucia Savage , Chief privacy officer at HHS's office of the National Coordinator for health Information Technology, said that the practice showed whether HHS could meet scaled up health care needs.
Recently ethical hacking has been hot topic at the recent Federal Drug Administration workshop focussing medical devices and their vulnerabilities.
“This is a struggle for devices as well,” she said. “You can’t hack something in the field, because what if the hacker disrupts the operation of the device. Similarly, health data and EHRs, we may not want to have the hacker accessing your live data because that might cause other problems relative to your obligation to keep that data confidential.
“Given that space and given the need to improve cyber security, is there something that ONC can do to improve that rate at which ethical hacking occurs in health care?” savage said her office was working on plans to see how effectively applied to various medical devices sector.
“I think that this is a technique that has been found highly valuable in the rest of industry,” she said. “One of the things we are thinking about is how to get this to take root as a security hygiene process within the health care system.”
Dr. Dale Nordenberg, CEO of Novasano Health and Science and a Health IT standards committee member, said that hacking medical devices could prove difficult because every medical device is hackable, leaving weaknesses and solutions to be worked out with a litany of detail.
“The issue is that once a vulnerability is identified, the industry is highly resistant to exposing to the public that specific vulnerability because the manufacturer has to get engaged,” he said.
Savage added that her office and FDA are continuing to identify details like intellectual property issues and identifying who remedies a vulnerability, but with the Internet of Things and interoperability moving forward, these devices are becoming more interconnected.