There’s more than one way to hack

A recent article in Healthcare IT News discusses “visual hacking,” something we are perhaps not as conscious of as we should be. For example, someone may be standing near your desk, not even facing your computer, but it is easy for the eye to stray for just a moment, and if a patient’s name is visible . . . you’ve been hacked. Jessica Davis writes, “When the Ponemon Institute released its 2016 Global Visual Hacking Experiment, the research firm found that 91 percent of visual hacking attempts are successful.”

NEMT CEO Linda Sullivan

Also termed “shoulder surfing,” visual hacking occurs on desktop monitors, laptops, any kind of mobile device, and, of course, paper records as well. Attacks are stealthy, occur quickly, and usually go undetected unless and until the information is used maliciously.

Davis interviewed Kate Borten, a Visual Privacy Advisory Council member and founder of The Marblehead Group. According to Borten, “Although training employees to protect against visual hacking is not required under HIPAA, CISOs and CIOs should not overlook the threat.”

Since so much hacking happens through IT systems, and given that visual hacking is not addressed by HIPAA, it’s easy to see why it can be overlooked.

There are some simple ways to address visual hacking, starting with educating staff about the problem. Borten suggests “walk-around audits” to identify areas of vulnerability. Angling screens away from doors, privacy filters, and screen savers all cut down on the opportunity for patient data to be visually hacked.
