Very Sad News

There was a recent news article that described how an emergency room was shutdown because of someone’s attempt to make a little cash. He basically had a little army of robots that would traverse the internet looking for vulerable computers that he could exploit. This technique isn’t anything new and so we should be use to it. However, it is sad when people put other people’s lives at risk because they want to make a buck. There’s really no excuse for it. Unfortunately I don’t think prison is even going to solve the problem. Although I do hope that he is convicted of whatever is possible.

More importantly is why wasn’t the hopsital better prepared for this? Regularly patching windows, anti-virus and adware programs can protect you from most of these attacks. This should give us all a little more interest in making sure our updating and scanning policies are good. My guess is that even the most basic HIPAA compliancy should have protected this hospital from attack.

Thankfully no one was hurt in this story. It will be a very sad day when this is not the case.

About the author

John Lynn

John Lynn

John Lynn is the Founder of the, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference,, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.


  • The sad part is that critical hospital systems were made publicly accessible. Reality is that there is malicious software in use and constantly being created, and that’s been a given for many years already. Forget the kid who works at walmart – the one who put people’s lives at risk was the person who actually knew better and was responsible for their systems architecture, who then decided a properly configured firewall wasn’t necessary.

  • I disagree that we need to forget the kid at Walmart. He’s responsible for his actions. I do agree that the system architect that left their health systems open is responsible too. These policies are nothing new.

    One other person we could possibly throw under the bus is the hospital administrators who wouldn’t fund the firewall. A systems architect can only do so much for a hospital without the money to pay for good HIPAA security.

  • I am currently trying to implement an EMR system in a small practice. I am trying to convince the parties involved that it is necessary to transition to a domain controlled network for security reasons even though this type of network is not required for our EMR system or its server. My understanding of HIPAA is that simply having a firewall does not qualify as a “secured network”. Am i right on this?

Click here to post a comment