
Lancera

It’s Not About Target Anymore


This article is a clarion call to the healthcare industry to wake up! It’s not about Target and Home Depot anymore. On February 5th, Anthem Inc., the largest for-profit managed health care company in the Blue Cross and Blue Shield Association, announced that 80 million records had been compromised.

It is interesting to note that this is not a unique occurrence. Just a week prior to the Anthem incident, a laptop was stolen from the Riverside County Regional Medical Center in Moreno Valley, California. The information on the laptop included names, phone numbers, addresses, dates of birth, Social Security Numbers, and clinical information such as medical record numbers, physicians, diagnoses, treatments received, medical departments and health insurance information.

In the same month, other data breach incidents occurred at Sunglo Home Health Services of Harlingen, Texas, and California Pacific Medical Center/Sutter Health of San Francisco, California. Health data compromises, from California to New York and from Texas Health and Human Services to the Utah Department of Health, seem to have experienced a sharp uptick in recent years.

To all of the State Governors, Hospital Administrators, and various CEOs of insurance and other healthcare-related entities reading this article, pay attention because herein lies the secret of knowing whether you are next. You must ask the question, “How hackable am I?” And you must fully expect to find out.

There is only one way to find out if you are hackable, and that is to hire a hacker to hack you. It sounds risky, but it is actually called penetration testing and is performed by reputable companies who employ individuals holding credentials such as Certified Ethical Hacker or CISSP.

You may say, “Well, we have our own internal vulnerability team.” This is fantastic! As it should be. However, these are your employees, and they are biased by the paycheck you sign every payday. I recommend that you hire an objective outside company at least annually to perform an in-depth internal and external penetration test on your network, databases and critical applications.

Some standards, such as PCI, state that penetration tests by qualified outside parties should be performed annually or as often as there are changes to the environment. The point here is that such a test is only a point-in-time assessment, and it is invalidated if new technology is installed and configured incorrectly.

In summary, qualified engineers can find and report on the “hackability” of your systems, and provide a remediation report to ensure you don’t become the next Anthem. It’s not just about Target, Home Depot, or big box retailers anymore. Healthcare is now squarely in the hacker’s crosshairs.

About the Author

Greg Johnson is the VP of Security Business Development and Strategy at Lancera Security, the World’s Trusted Source of Security Solutions. Mr. Johnson is an entertaining and sought-after speaker in the world of cyber security.

Why does software need to be maintained?


No engineered structure is designed to be built and then neglected or ignored. — Henry Petroski

Henry Petroski, in an interview on Tech Nation, says that a common rule of thumb is that maintenance on engineering structures costs about 4% of the initial construction cost per year. Painting the Golden Gate Bridge has cost far more than building it, as it is painted continuously: as soon as the painters reach the end of the bridge, they go to the other side and start over. The engineers who designed the bridge knew this would happen. When you build something out of steel and put it outside, it will need to be painted. It was all part of the design.

The idea of software maintenance may sound absurd, but the reasons why the Golden Gate Bridge needs to be maintained are very similar to why software needs to be maintained.

Software doesn’t change, but the world changes out from under it.

  • The technological environment of the software changes: operating systems, networks, and hardware.
  • The programming language that the software was coded in evolves and periodically changes the way things are coded. A good example is all the changes in the PHP programming language: https://php.net/ChangeLog-5.php
  • People discover bugs. This does not change the software but rather our knowledge of the software and its security.
  • As people use the software, they get new ideas regarding how they want to use it.
  • New possibilities emerge and make us less content with old possibilities.
  • The human environment around the software changes. Organizational priorities change. Laws change. Project sponsors and users turn over.

Project Transparency


Today most companies provide some online access during the custom software development life cycle. In many cases, the client is provided with a login to preview the latest build of their project, and in a few cases they are even given access to a bug logging system, such as Bugzilla.

In our mind, it really comes down to transparency. Instead of just being able to preview the latest build, what if the client could actually look behind the curtain, and see how the software is being developed? We’re talking about letting the client be a partner in the process. Why would we want and need to do this?

So You Have A Brilliant Idea… What Now?


The web offers almost limitless opportunities to grow your business, optimize your operations, and much more. But there are many moving parts, and you need someone to help you make sense of it all, so you can make the right decisions. Essentially, you need the assistance of a professional web development company. We’ve built powerful web applications for several Fortune 500 and Inc. 500 companies, and for many other smaller companies.

Building web applications involves a lot more than just programming with web tools. This is especially true if we are talking about a brand new website. So let’s make a list of the things we’ll need:
