Local hospital told by their EMR they could not install an application local hackers cooked up for them. these types of contracts are wrong!
— Chad (@ionincognito) July 31, 2013
This is an interesting tweet. I find it interesting that a hospital is working with local hackers. I guess it’s even more interesting that an EMR vendor has enough clout to be able to get a local hospital to not install software. Although, knowing the industry like I do, it’s not that surprising. Should a hospital listen to some local hackers or someone they’ve invested hundreds of millions and sometimes billions of dollars in? (yes, an EHR purchase is an investment)
Of course, this tweet reminded me of a great story my best friend in college told me about when he hacked into the major hospital system where he went to high school. Turns out he used a mix of physical and technical hacks to breach the hospital system.
The key to him breaching the hospital system was that he got access to a computer on the hospital system and left a back door for him to access that computer remotely. All he did to do this was put on a jacket, went to an office in the network where he said he was working for their IT department and was there to run some updates on the computer. They happily let him run the “update” on their computer. Instead, he created a back door where he could get access to the hospital network from anywhere.
I’m sure that many reading this will think twice when someone comes in saying they need to update their computer now. It’s not like most people in the hospital know all the tech support people in their hospital.
Of course, this is a simple little hack. Certainly there are plenty of other ways that someone can hack into healthcare systems. The interesting thing is that most people don’t care about healthcare information. They want financial information. So, someone that does hack a healthcare system is unlikely to do much with the healthcare info. Yes, I’ve read the people who say a patient record is worth $50. I’m still waiting to see someone try to sell one at that price.
I should also mention that I think the tweet isn’t actually talking about this type of hacker. I think the tweet is talking about the Fred Trotter version of “hacker” which just puts together a great solution to a problem (ie. a hack). We need more great solutions in healthcare, so I hope that EMR vendors stop impeding local application hackers to work with hospitals.