- Health Care News Now
According to reports, the HIPAA code is used everywhere in the $3 Trillion Health Care industry. The following link shows a guide, including security rules, that the HIPAA code should be based on (HIPAA Developer Guide)(2017). Our researchers searched all over the Web, and we finally found HIPAA compliance code used in the $3 Trillion Health Care Industry that will allow malware creators to exploit the $3 Trillion industry (HIPAA code exposed at Github)(2017). Later this year, CNBC reported "Tech set to transform $3 trillion health care industry", but the HIPAA code was sitting for 7 months, which is enough time to spread the code and mix it with malware; however, there are over 70 Million servers, and this means the Health Care Industry is rotten ($3 Trillion Health Care Industry)(2017). The media previously reported numerous health care breaches due to malware and other hacking attacks (Health Care Databreaches caused for various reasons)(2017).
Firmware is everywhere, from the largest data center to the smallest networked LED light bulb. It is the most powerful code on any system because it controls how devices operate. Compromised firmware can be used to corrupt or steal data, spy on your environment or even destroy the system it is controlling.
My reasoning is that the HIPAA Security Rule standard for implementing a security management process requires that Covered Entities (CEs) and Business Associates (BAs): (i) conduct a risk analysis to identify threats and vulnerabilities to electronic protected health information (ePHI); and (ii) adopt security measures to reduce or remediate risks that are identified. These steps are designed to appropriately mitigate and respond to cybersecurity incidents impacting ePHI. All Health Care providers are required to follow HIPAA's strict security guidelines to protect their medical and financial information.
The above exposed HIPAA code focuses on the dangers of HTTPS interception products designed to inspect network traffic for malware. The mechanics of these products' functionality might actually make network connections less secure and vulnerable to man-in-the-middle (MITM) attacks. MITM attacks take many forms and are difficult to detect because there's usually no trace left to indicate that information has been exposed. An MITM attack consists of a third party intercepting the communications between two parties, say, a mobile health app and a database full of PHI. A malicious individual may execute an MITM attack to eavesdrop on or manipulate those communications to cause harm or bypass other security measures on either side of the connection.
These attacks can be particularly devastating for health care entities and the $3 Trillion Health Care Industry, which need to comply with HIPAA, but the code can be planted on the server shown in Diagram 1 below. Yes, there's the potential for PHI exposure. But in addition, such a breach is difficult to detect, and so the entity may only become aware of the breach after it's too late, after pilfered data is published on the internet.
DIAGRAM — 1
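As an added example (not code from this article or from any project it mentions), the following shows one way a client can notice that an interception product or other MITM has re-issued the server certificate. Normal chain validation can still pass in that case when the interceptor's CA is trusted on the client, so the check compares the leaf certificate's SHA-256 fingerprint against pinned values. The host name, client names, pin store and certificate bytes are constructed placeholders.

```python
import hashlib
import socket
import ssl

# Constructed stand-ins for DER certificate bytes (not real certificates).
CONSTRUCTED_CURRENT = b"constructed DER: api.example.test leaf, current"
CONSTRUCTED_BACKUP = b"constructed DER: api.example.test leaf, backup for rotation"
CONSTRUCTED_PROXY = b"constructed DER: leaf re-issued by an inspection proxy"


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


# Assumed pin store: host -> fingerprints of the certificates the operator deployed.
PINS = {
    "api.example.test": {fingerprint(CONSTRUCTED_CURRENT), fingerprint(CONSTRUCTED_BACKUP)},
}


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Do a normally validated TLS handshake and return the leaf certificate (DER)."""
    ctx = ssl.create_default_context()  # chain and hostname checks stay enabled
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def classify(host: str, der: bytes, pins: dict) -> str:
    """Return 'ok', 'mismatch' (certificate is not one we deployed) or 'unpinned'."""
    expected = pins.get(host)
    if not expected:
        return "unpinned"  # no pin recorded, so nothing to compare against
    return "ok" if fingerprint(der) in expected else "mismatch"


def audit(observations, pins: dict) -> list:
    """observations: (client_id, host, der) tuples reported by clients.
    Returns the sorted client ids that saw an unexpected certificate."""
    return sorted({c for c, host, der in observations
                   if classify(host, der, pins) == "mismatch"})


if __name__ == "__main__":
    sample = [  # constructed reports from three clients
        ("clinic-a", "api.example.test", CONSTRUCTED_CURRENT),
        ("clinic-b", "api.example.test", CONSTRUCTED_PROXY),
        ("clinic-c", "api.example.test", CONSTRUCTED_BACKUP),
    ]
    print("clients behind an unexpected certificate:", audit(sample, PINS))
```

In a live check, pass the result of `fetch_leaf_der(host)` to `classify`; a "mismatch" after a planned certificate rotation means the pin store needs updating, which is why a backup pin is kept.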
Mobile apps are often the front end for a much deeper enterprise architecture, making the potential impact of an MITM attack even greater. A compromised connection between a mobile app and an enterprise's network infrastructure can affect not only the compromised user, but the entire IT organization that supports the app. Recently Quest Diagnostics found this out the hard way when a vulnerability in their mobile app exposed over 34,000 patient records. Attackers leveraged the mobile app to expose an entire database.
In addition to large-scale data compromise, a successful MITM attack could allow an adversary to read and modify the data sent between the parties, potentially affecting every user connected to the app. For example, the data flowing to doctors, hospitals, and medical devices could be altered in transit. And worst of all, the MITM attack could occur without either party's consent or knowledge, meaning the breach might not be discovered until it is too late. The question then arises: how many servers is this exposed HIPAA code planted on? The companies that have the most servers are Microsoft, Google, Amazon and Facebook; each is estimated to have over 1 million servers and some may have over 2 million, and these servers and companies are connected to the $3 Trillion Health Care Industry. According to this source, as of 2014 there were an estimated 75 million servers powering the internet, with Microsoft having the largest number of servers at 1 million and Google having 900,000 servers.