“Sen. Mark Warner, D-Virginia is scrutinizing the Defense Health Agency’s cybersecurity practices, as the sensitive medical data of servicemembers continues to be exposed online due to unsecured Army Picture Archiving and Communication Servers.”
“In September, a ProPublica investigation revealed that millions of medical records and patient data are being exposed online due to unsecured PACS. Specifically, TridentUSA and its affiliate MobileXUSA, failed to secure 187 computers that store X-Rays, MRIs, and other health data with password or other effective security.”
“After the reports, Warner sent a letter to the vendor demanding answers, as well as the Department of Health and Human Services for what he called a failure to respond to the reports.”
“Germany’s Green Bone Networks has been assessing the security of these platforms used by the majority of healthcare. In November, the number of unsecured PACS has increased the number of exposed medical images to about 1.19 billion.”
“Following those reports, Warner said that 16 systems, 31 million images, and 1.5 million exam records were removed from online access. However, medical data of servicemembers are still exposed…”
“Data shared between providers should be protected with encryption, proper hashing, segmentation, vulnerability management, and identity and access controls, Warner stressed. DHA should also be diligently monitoring, auditing, and logging access and activity.”
“Warner is asking DHA Assistant Secretary Thomas McCafferty to explain the steps taken to address the issue and when those systems were removed from the internet.”
“McCafferty must also outline the information security management practices used at military medical hospitals and whether network segmentation, micro-segmentation, multi-factor authentication, logging, monitoring, or access controls are required at those facilities…” Read the full article here.
Source: Sen. Warner Digs into DHA Over Exposed Army Medical Center Images – By Jessica Davis, January 17, 2020. Health IT Security.
