John Martinez doesn't have to go far to find an example of why cyber security is critical in the healthcare industry.
Even a simple trip to the dentist with his wife yields proof. While waiting at the dentist's office the other day, he discovered that the office's wireless network was basically unsecured and left open for the taking.
"I noticed, and this is from my iPad, it's not even my laptop, that they had an Apple Airport, and I started noticing that I could actually configure this Apple Airport through my iPad and set up different accounts using that wireless," Martinez said. "I could actually manipulate their wifi, and I could have named it whatever I wanted."
His partner, Christopher Hegg, slowly shakes his head in disbelief.
"He could have been very malicious and taken that entire network down and locked everyone out, because it wasn't configured correctly," Hegg said. "There weren't passwords, so that leads you to believe, 'Well, what else isn't configured? What else in their network is open?'"
Luckily for this dental practice, Martinez and Hegg are the good guys and far from malicious. Finding these kinds of lapses in cyber security is what they do professionally at CoreRecon. CoreRecon is the brainchild of John Martinez, Christopher Hegg and their other partner, Patricia Luttrell. All three are retired from the armed services, in which they all worked in cyber security. Luttrell is the company's chief technology officer, Martinez is the chief executive officer, and Hegg is the company's senior security engineer. The Corpus Christi-based security company specializes in cyber security, IT solutions and Cloud solutions. They are one of the few companies in the country that offer Cloud assessments, Cloud security and Cloud implementations.
They also specialize in helping medical practices reach and maintain HIPAA Compliance.
HIPAA is the Health Insurance Portability and Accountability Act, which is meant to protect patient privacy and healthcare information, especially electronic information.
"That's who we are… We're the security guys who know security." - John Martinez, CEO of CoreRecon
HIPAA Compliance is at the center of CoreRecon's largest ongoing project. The team is working with Amazon Web Services to create a HIPAA-compliant infrastructure in the Cloud that can be leveraged by software companies. The goal is to provide a common form of security, which is essential to securing data.
"This way, we can create a uniformed approach instead of having 1,000 different practices doing security their own way," said Hegg, explaining, "We can provide a singular solution that is within compliance that they can continuously replicate. Everyone has the same requirements to fulfill, so we can implement security one way instead of a thousand people doing security a thousand different ways."
Oftentimes, medical practices are too small or too ill-equipped to properly handle the security of information. Data which should be encrypted usually isn't. Information is also often handled or transmitted improperly by unsecured emails and even cell phones.
CoreRecon's solutions are meant to get medical practices up to date with technology and, of course, into compliance with federal regulations.
"Part of HIPAA requires a contingency operation plan and a recovering plan," Hegg said. "Unfortunately, a lot of practices don't implement these processes. You know, 'Everything will be fine. We have a back-up.' But their back-up may be on-site, which recreates a single point of failure. They may not even be protected correctly on-site, so one of the things we've done is developed a redundant storage device on-site. So if one hard drive dies, another one still has the data near. Additionally, every night, it gets encrypted and sent to the Cloud for an off-site back-up solution."
"The medical industry as a whole is the number one targeted industry because they've been operating a certain way for so many years, or they think they're a small practice" - Christopher Hegg, Senior Security Engineer
All of these measures may seem redundant or even overkill on CoreRecon's part. However, they warn that the exposure of personal information like that of medical records can lead to identity theft, which can be more damaging and costly than having a credit card or bank information stolen.
According to a report by the Medical Identity Fraud Alliance called "The Growing Threat of Medical Identity Fraud: A Call To Action," the number of data breaches in the medical sector has quadrupled in the last five years. The healthcare industry is again on track to lead in data breaches this year, according to the ID Theft Center.
Hegg said the trend is a byproduct of practices simply handling information like it's been handled for years.
"The medical industry as a whole is the number one targeted industry because they've been operating a certain way for so many years, or they think they're a small practice," he said. "Once someone steals your identity, that can go on for years. It can become a huge headache for your entire life. You won't be able to apply for a credit card, buy a house or do anything, because you'll have to go through additional steps to prove your identity."
Most practices, and many of CoreRecon's customers, already have IT personnel on staff, but Martinez explained that oftentimes someone who handles computer hardware and software may not be adequately prepared to handle cyber security.
"Not to knock the IT industry down," Martinez said. "I think they're great at what they do. We're not saying that all IT guys don't do a sufficient job, because they do. I'll break it down to you like this: there's general dentistry and everyone has one. Those are your IT guys. Then there are oral surgeons, and there's not that many of them because they specialize. That's who we are. We're the oral surgeons. We're the security guys who know security."