Security is an ever-increasing concern for computer users and a critical issue for the medical community. Patient confidentiality is inherent to ethical medical care and the recent Health Insurance Portability and Accountability Act (HIPAA) legislation has focused a spotlight on the vulnerability of electronic medical data. Security breaches can result from mistakes, curious hackers, and/or malicious intruders. Computers newly attached to the Internet are scanned for open “doors” within a matter of seconds by various automated hacker probes.
Computer viruses, worms, and attacks have evolved from what were originally pieces of software typically designed to do mischief to what are now (often) professionally designed programs with commercial or political ends. The computer industry has effectively responded with its own “health care” system of companies whose sole purpose is computer “hygiene” or “treatment.” There are companies that monitor the Internet for the emergence of new threats, companies that intentionally attack corporate information systems to reveal vulnerabilities and report them back to those corporations, and companies that manufacture new software intended to create an “immune system” for computers and networks (Fig. 7-1).
The immune system analogy is a convenient way to think of computer security because it provides a framework for discussing a number of different types of threats that are relevant to the health care environment. The individual computer can be dealt with as if it were a cell, while the health care system’s network is the circulation and the Internet is the world at large.
Key Points
Keep passwords secure.
Good passwords are hard to “discover” and easy to remember.
“Viruses,” “worms,” and “Trojan horses” are different types of threats to individual computers.
Antiviral software should be installed and definitions should be kept current to protect each PC attached (even intermittently) to a network.
“Firewalls” inhibit threats arriving through network connections.
Computer logon is the way in which individuals identify themselves to a local machine and/or a network. The creation and maintenance of good passwords is critical to computer protection. Giving a password to a “friend” who can’t log on can have bad consequences: actions taken with a computer logged in under someone’s name are legally presumed to have been performed by that individual. Hackers work very hard to get passwords using techniques as primitive as “dumpster diving” and as sophisticated as so-called dictionary attacks, where every word in the dictionary and common variants are used in attempts to break into a user’s account (Fig. 7-2). While this sounds like an exhausting manual process, programs are available from the Internet that automate this attack. Good passwords use a combination of upper and lowercase letters, numbers, and symbols. They ...
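The following is an added example, not part of the original chapter: a password check a help desk or logon system could run when a password is set, rejecting dictionary words and their common variants and requiring the mix of character types described above. The sample word list, the substitution table, and the 10-character minimum are assumptions made for illustration.

```python
import re

# Constructed sample word list (assumption); a real check would load a full
# dictionary plus lists of passwords already exposed in breaches.
WORDLIST = {"password", "doctor", "hospital", "radiology", "welcome", "dragon"}

# Character substitutions that automated dictionary tools also try (assumed set).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def base_forms(password):
    """Reduce a password to the dictionary-style forms it may be built from."""
    lowered = password.lower()
    # Drop leading/trailing digits and symbols: "Doctor2024!" -> "doctor".
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    forms = {lowered, stripped}
    # Undo look-alike substitutions: "p@ssw0rd" -> "password".
    forms |= {f.translate(LEET) for f in forms}
    # Include reversed spellings: "latipsoh" -> "hospital".
    forms |= {f[::-1] for f in forms}
    return forms


def check_password(password, min_length=10):
    """Return the reasons a password is weak; an empty list means acceptable."""
    problems = []
    if len(password) < min_length:  # min_length is an assumed policy value
        problems.append("too short")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        problems.append("needs upper, lower, digit and symbol")
    if base_forms(password) & WORDLIST:
        problems.append("dictionary word or common variant")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ["hospital", "P@ssw0rd1!", "Doctor2024!", "Blue7!kettle-Rain"]:
        print(f"{pw!r}: {check_password(pw) or 'acceptable'}")
```

Note that "P@ssw0rd1!" satisfies the character-mix rule yet is still rejected, because it reduces to a dictionary word once the substitutions and trailing characters are removed.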