Data security: Mitigating the human element

Claudette Lew | | Radiology Business | Medical Imaging

“The cost of global cybercrimes now exceeds the revenue from the global drug trade,” said David Anderson of consulting firm CliftonLarsenAllen at the start of his presentation to RBMA members on information security at the RBMA Fall Educational Conference in Seattle. “Every second of the day, people are out there looking for the weak link. Sixty percent of the time,” he said, “they are getting in with the access of a legitimate user.” He stressed the importance that businesses and their vendors maintain protocols and conduct comprehensive user training to protect the integrity of their data because more often than not, the weakest link in the system is human.

Anderson’s job is to review the security of organizations’ information systems and one of the ways he does that is to by playing the role of a “white hat” hacker who deliberately tries to break into systems in order to test them. “Ninety percent of the time the weakest link in the system is a vendor system,” he said. “And the most successful intrusions were not considered highly difficult,” he added.

Commonly, when working with third party systems, access may be set at higher levels and certain security features turned off to make it easier for the users. Unfortunately, this also makes it easier for hackers.

 “Hackers want to abuse the systems in place,” he said. “They will go after the weak link in the system, whether that is you or a business partner.”

As more vendor systems are becoming cloud based, and there is more interoperability between systems, hackers are breaching one system to gain access into additional systems.  

Combatting this challenge cannot be done simply with more secure systems because of the human element to security. He discussed several examples of how systems are being breached every day. In an audio recording, Anderson impersonates a vendor and asks a user to manually download a system update. Without hesitation, the woman follows his instruction.

So regardless of the system’s security features, the human element must always be considered in information security. Anderson counsels that training is critical in maintaining data security, though not always easy. “In addition to training on protocols, it’s important to train all users to be aware and savvy,” he concluded.

 

Claudette Lew

Related Content

Radiologists are more accurate, confident when they know the full story
GE HealthCare moves PET/CT scanner production to United States
Use of AI opportunistic screening in CT for cardiovascular disease
ACR offers resources to achieve radiology AI best practices
PHOTO GALLERY: Examples of FDA-cleared AI in radiology
AI opportunistic screening may have tremendous potential to help patients, ACR CEO says

Around the web

Cardiovascular Business
Global shortage of nuclear imaging isotopes may be over

The nuclear imaging isotope shortage of molybdenum-99 may be over now that the sidelined reactor is restarting. ASNC's president says PET and new SPECT technologies helped cardiac imaging labs better weather the storm.

Cardiovascular Business
‘A huge win’: CMS significantly increases Medicare payments for cardiac CT

CMS has more than doubled the CCTA payment rate from $175 to $357.13. The move, expected to have a significant impact on the utilization of cardiac CT, received immediate praise from imaging specialists.

Cardiovascular Business
GE HealthCare moves PET/CT scanner production to United States

The all-in-one Omni Legend PET/CT scanner is now being manufactured in a new production facility in Waukesha, Wisconsin.

Design by Adaptive Theme
Trimed Popup
Trimed Popup