White hat hacker: Health care IT security tech easy, policy hard

An exclusive interview with white hat hacker Ralph Echemendia offers health care CIOs tips on how to shore up health care IT security.

CAMBRIDGE, Md. -- Ralph Echemendia, an independent IT security contractor -- also known as a "white hat" or "ethical" hacker -- first learned the ins and outs of complex networking in a health care setting. Although he has since gone on to work for large entertainment companies and a host of clients in other industries, he still works for health care organizations that give him very little information and set challenges such as "here's the address of our office tower; find and get into our data center." The goal is to find holes in the organizations' health care IT security policies.

Through clever technological and social engineering means, he's rarely thwarted, Echemendia told attendees at the HealthTech Council's fall meeting in Cambridge, Md. We sat down with him to discuss just what an ethical hacker does, and where he thinks health care CIOs and their compliance-officer peers should look to shore up vulnerabilities in their own privacy and security policies. His advice in a nutshell: Technology controls are easy for securing information; training all the humans to abide by the policies is hard.

Let us know what you think about the story; email Don Fluckinger, Features Writer or contact @DonFluckinger on Twitter.

This was first published in October 2012
