White hat hacker: Health care IT security tech easy, policy hard

CAMBRIDGE, Md. -- Ralph Echemendia, an independent IT security contractor -- also known as a "white hat" or "ethical" hacker -- first learned the ins and outs of complex networking in a health care setting. Although he's gone on since then to work for large entertainment companies and a host of clients in other industries, he still works for health care organizations that give him very little information and pose challenges such as "here's the address of our office tower; find and get into our data center." The goal is to find holes in the organizations' health care IT security policies.

Through clever technological and social engineering means, he's rarely thwarted, Echemendia told attendees at the HealthTech Council's fall meeting in Cambridge, Md. We sat down with him to discuss just what an ethical hacker does, and where he thinks health care CIOs and their compliance-officer peers should look to shore up vulnerabilities in their own privacy and security policies. His advice in a nutshell: Technology controls for securing information are easy; training all the humans to abide by the policies is hard.

Let us know what you think about the story; email Don Fluckinger, Features Writer or contact @DonFluckinger on Twitter.

This was first published in October 2012
