J Digit Imaging. 2017 Feb;30(1):117-125.
doi: 10.1007/s10278-016-9913-x.

Cyber-Security Issues in Healthcare Information Technology


Steve G Langer. J Digit Imaging. 2017 Feb.

Abstract

In 1999-2003, SIIM (then SCAR) sponsored the creation of several special topic Primers, one of which was concerned with computer security. About the same time, a multi-society collaboration authored an ACR Guideline with a similar plot; the latter has recently been updated. The motivation for these efforts was the launch of Health Information Portability and Accountability Act (HIPAA). That legislation directed care providers to enable the portability of patient medical records across authorized medical centers, while simultaneously protecting patient confidentiality among unauthorized agents. These policy requirements resulted in the creation of numerous technical solutions which the above documents described. While the mathematical concepts and algorithms in those papers are as valid today as they were then, recent increases in the complexity of computer criminal applications (and defensive countermeasures) and the pervasiveness of Internet connected devices have raised the bar. This work examines how a medical center can adapt to these evolving threats.

Keywords: Computer communication networks; Computers in medicine; Computers security.


Figures

Fig. 1
(A) X sends a message, and it is altered by M. Y cannot discern the alteration. (B) X computes the document’s message digest (MD) and sends its value (1003) with the document. M alters the message. Y recomputes the MD of the message and detects an alteration, because the MDs do not match (957 ≠ 1003). (C) This time, M recomputes the MD and sends it with the altered message. Now when Y recomputes the MD and checks against the sent MD, the two match, and Y is fooled. (D) X digitally signs the MD, and M cannot reproduce X’s signature without X’s private key. Nevertheless, M alters the message. When Y decodes the MD signed by X and compares it with the recomputed MD of the altered message, Y detects the substitution (957 ≠ 1003)
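
The checks Y performs in panels B, C and D of Fig. 1, as an added Python example that is not from the paper. Assumptions: SHA-256 stands in for the figure's message digest, the signature is unpadded textbook RSA over a constructed and deliberately insecure key built from two public Mersenne primes, and the messages and function names are made up for illustration.

```python
import hashlib

# Constructed demo key: textbook RSA over two well-known Mersenne primes.
# Insecure by design (public primes, no padding); it only illustrates panel D.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                   # X's public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))     # X's private exponent (Python 3.8+)

def md(message: bytes) -> int:
    """Message digest (MD) of the document, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, d: int = D) -> int:
    """Sender transforms the MD with a private exponent (X's by default)."""
    return pow(md(message), d, N)

def verify_digest(message: bytes, sent_md: int) -> bool:
    """Panels B and C: Y recomputes the MD and compares it with the one sent."""
    return md(message) == sent_md

def verify_signature(message: bytes, signature: int) -> bool:
    """Panel D: Y decodes the signed MD with X's public key and compares."""
    return pow(signature, E, N) == md(message)

def run_panels() -> dict:
    original = b"Dose: 10 mg"         # constructed message sent by X
    altered = b"Dose: 100 mg"         # constructed alteration made by M
    # M lacks X's private key; d=3 is a constructed stand-in for any other key.
    resigned_by_m = sign(altered, d=3)
    return {
        "B_altered_with_original_md": verify_digest(altered, md(original)),
        "C_altered_with_recomputed_md": verify_digest(altered, md(altered)),
        "D_intact_with_x_signature": verify_signature(original, sign(original)),
        "D_altered_with_x_signature": verify_signature(altered, sign(original)),
        "D_altered_resigned_by_m": verify_signature(altered, resigned_by_m),
    }

if __name__ == "__main__":
    for panel, accepted in run_panels().items():
        print(f"{panel}: {'accepted' if accepted else 'rejected'}")
```

Only the panel C case and the intact signed message are accepted: a bare digest protects against accidental change but not against a party who can recompute it, while the signed digest fails verification for both of M's options.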
