LawHealthTech (thread on X), Jul 11, 19 tweets
Your health data is being breached every day through stupidity and ignorance

I am collecting together some data about the larger breaches, but I am seeing evidence that many small breaches of hundreds of patient records happen every single day around the world - a short 🧵
As I collect data on larger breaches, there are two common themes for the cause that I am seeing

The first centres on the fact that senior experience in hospital & Health IT workers has been so eroded that the quite frankly incompetent staff who remain are not up to the task...
While many in the media portray the breaches as being caused by little more than the absence of things like 2FA or multi-factor authentication, this ignores some of the quite frankly simple IT security lapses & issues that are repeatedly observed...
These include:
The over-reliance on 'cloud' based solutions that mean sensitive data is constantly traversing the public internet
and
The repeated use of solutions that even where the data is maintained locally, the platform itself must always be able to see the internet...
What this means is that there is no clear border or boundary between sensitive health data that should not be accessible to or from the internet, and the wider internet with all its scary inhabitants...
And no, the ignorant belief that we think our Checkpoint firewall or intrusion monitoring system will catch or prevent hackers or inappropriate access to the data is not a replacement for securing that data in a way that prevents it being accessible in the first place
This accessibility has led to millions of personal and highly sensitive health records being accidentally leaked to search engines through the 'secure' access apps having embedded scripts that allow Google or Facebook to see the user session...
and on a daily basis allows hackers and ransomware apps to simply walk right in and both steal copies of the data, and then encrypt the data, making it inaccessible to doctors. Ransomware attacks have gained hackers tens of millions of dollars and harmed patients
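The leak path described above (a third-party script or pixel embedded in a patient-facing page, which hands the page URL and query string to the tracker's host) can be checked for directly. The following is an added example, not code from the thread: it parses a constructed sample portal page and lists every script, image, iframe or stylesheet that loads from a host other than the assumed first-party host `portal.example-hospital.test`; the tracker hostnames are illustrative stand-ins.

```python
"""Audit a patient-portal page for third-party script and pixel loads.

Added example, not from the thread. SAMPLE_HTML is constructed; the hosts are
illustrative stand-ins (reserved .test names), not real trackers."""
from html.parser import HTMLParser
from urllib.parse import urlparse

FIRST_PARTY = {"portal.example-hospital.test"}  # assumed portal hostname

# Constructed page: one first-party script, one foreign script, one foreign pixel.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://analytics.tracker-a.test/tag.js"></script>
</head><body>
<img src="https://pixel.tracker-b.test/px?page=appointments&dept=oncology" height=1 width=1>
<a href="/records/12345">My records</a>
</body></html>"""


class ThirdPartyAudit(HTMLParser):
    """Collect every element that fetches a resource from a non-first-party host."""
    LOAD_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, host, path, query) per foreign load

    def handle_starttag(self, tag, attrs):
        attr = self.LOAD_ATTRS.get(tag)
        if attr is None:
            return
        url = dict(attrs).get(attr)
        if not url:
            return
        parsed = urlparse(url)
        # Relative URLs resolve to the portal itself; only absolute foreign hosts count.
        if parsed.netloc and parsed.netloc not in FIRST_PARTY:
            self.findings.append((tag, parsed.netloc, parsed.path, parsed.query))


def audit(html):
    """Return the third-party loads found in the page, in document order."""
    parser = ThirdPartyAudit()
    parser.feed(html)
    return parser.findings


if __name__ == "__main__":
    for tag, host, path, query in audit(SAMPLE_HTML):
        # The query string is what the third party learns about the user's session.
        print(f"{tag:<6} {host}{path} query={query!r}")
```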
This highly sensitive data that includes personal identifiers (an individual's ID, social security or national identifier numbers, names, addresses, DOB) and their diagnosis, treatment and medication information should be maintained in closed networks without internet access
I have walked into NHS, NSW Health and NZ MOH datacentres and Server rooms and watched as IT staff simply open up a browser window (often insecure and highly hackable Chrome-based browsers like Edge) on an EHR records server and browse the web like it's their home computer
Computers with sensitive data should be on secure VLANs with absolutely NO internet access for any reason. If we fought back against software platform vendors who want 'always on connectivity' from their platform to the internet, they would very quickly back down
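The "no internet access for any reason" rule above is something a rule table can be audited against mechanically. The following is an added example, not code from the thread: it evaluates flows against a constructed first-match firewall table with default deny, flags any allow rule that lets the assumed EHR VLAN `10.20.0.0/24` reach addresses outside RFC 1918 space (the vendor "always on" rule is the deliberate hole), and shows the table with that rule removed.

```python
"""Audit a firewall rule table for EHR VLAN internet exposure.

Added example, not from the thread. Addresses and rules are constructed; the
(src, dst, port, action) shape is a simplification of a real rule table."""
import ipaddress

EHR_VLAN = ipaddress.ip_network("10.20.0.0/24")   # assumed EHR server VLAN
WARD_VLAN = ipaddress.ip_network("10.30.0.0/22")  # assumed ward workstation VLAN
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed rule table: first match wins, anything unmatched is denied.
RULES = [
    (WARD_VLAN, EHR_VLAN, 443, "allow"),                              # ward -> EHR web front end
    (EHR_VLAN, ipaddress.ip_network("10.20.0.53/32"), 53, "allow"),  # EHR -> internal DNS
    (EHR_VLAN, ipaddress.ip_network("0.0.0.0/0"), 443, "allow"),     # vendor 'always on' telemetry
]


def evaluate(rules, src, dst, port):
    """Return the action for one flow under first-match semantics (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_src, rule_dst, rule_port, action in rules:
        if s in rule_src and d in rule_dst and port == rule_port:
            return action
    return "deny"


def internet_exposure(rules, vlan):
    """List allow rules whose destination is not wholly inside RFC 1918 space."""
    flagged = []
    for rule_src, rule_dst, port, action in rules:
        if action != "allow" or not rule_src.overlaps(vlan):
            continue
        # A destination that is not a subnet of some private range reaches the internet.
        if not any(rule_dst.subnet_of(p) for p in PRIVATE):
            flagged.append((str(rule_src), str(rule_dst), port))
    return flagged


def harden(rules, vlan):
    """Drop every flagged rule; the default deny then closes the VLAN to the internet."""
    bad = set(internet_exposure(rules, vlan))
    return [r for r in rules if (str(r[0]), str(r[1]), r[2]) not in bad]


if __name__ == "__main__":
    print("exposure before:", internet_exposure(RULES, EHR_VLAN))
    fixed = harden(RULES, EHR_VLAN)
    print("exposure after: ", internet_exposure(fixed, EHR_VLAN))
    print("EHR -> 203.0.113.9:443 after hardening:", evaluate(fixed, "10.20.0.5", "203.0.113.9", 443))
```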
The second type of attack is enabled by the same mistake. Hospital & health IT people roll out ward computers with a standard image that often has unfettered access through the network to a myriad of secure, cloud and insecure internet sources....
All too often their approach to desktop security is to make it a combination of the users' problem, or to rely on those firewalls in the datacentre to do all the heavy lifting for them. They create login & password and MFA complications that users get annoyed with and defeat...
And they believe that all their user-level complications mean that they can be lax with both the desktop security, and the rest of the network platform security. Yes, there are a lot who CLAIM their networks are highly secure - but the huge number of breaches says otherwise
While the first type is little more than data leaking from internet-connected servers and server platforms, the second type is data leaking from all the hundreds of user-land devices around the hospital.
The doctor browses the web that was poorly secured by IT, and through the Edge browser (which is Swiss cheese security at its finest) the drive-by hacker gets access from the browser to the EHR database.
In a recent example that affected Epworth and Royal Melbourne Hospitals in Australia, one cardiologist's web browsing on the hospital network coupled with poorly secured EHR solutions in the server room downstairs gave a drive-by hacker 40Gb of highly sensitive patient data
The takeaway message?

Hospital IT staff - get patient data out of the cloud and off the web. If the systems were not able to access the internet and were not internet accessible, almost none of the thousands of recent data breaches could have occurred