informa
4 min read
article

An Rx for Doctors Suffering From Spam Attacks

Health Care Notification Network (HCNN) for physicians aims to streamline alerts, as well as protect doctors from spam and other attacks

The messages show up periodically in email inboxes: "Doctor email Lists Available for Very Low Prices." On the other end typically are hackers who may or may not have legitimate lists of the nation's 900,000 doctors. Making sure that doctors’ personal data doesn't fall into the hands of crooks who want to overload doctors' inboxes with spam recently became a new responsibility for Nick Krym, CTO at Medem, a healthcare industry network service provider.

Medem, which was charged by the American Medical Association (AMA) and other healthcare entities with developing secure network services for healthcare providers, insurance carriers, and doctors, runs the new national Health Care Notification Network (HCNN), which was designed to deliver healthcare product safety information to physicians.

HCNN basically replaces the FDA's hard-copy notifications by pharmaceutical companies and medical device suppliers to physicians about problems with medication and medical equipment, according to Dr. Edward Fotsch, CEO of Medem. A who's who of the medical community -- including Aetna, American College of Cardiology, AMA, Johnson & Johnson, Pharmaceutical Research and Manufacturers of America, and The Doctors Company -- had pushed for these alerts to be delivered to doctors via email, and the FDA revamped its notification regulations last year to require such electronic alerts.

Medem, which operates a network so physicians can exchange data with patients, was then selected to provide HCNN's network and system infrastructure. The network services provider has developed a data feed of updated medication and medical equipment alerts from the FDA and stores that information in a database.

Doctors go through a registration process similar to signing up for an Internet newsletter to access the HCNN. Then they receive email notices with embedded hyperlinks to information about medication and product alerts, and they connect to Medem's database via a Secure Sockets Layer (SSL) connection. Once they enter their user name and password, they can access the information and determine how it impacts their patients. (Pharmaceutical companies and medication equipment suppliers pay for the services, and all advertising and promotions are banned).

Medem's major security concern with the healthcare product safety alerts was protecting the doctors' personal information, such as their email addresses. Medem has outsourced its security functions to BT Counterpane since 2005, a managed security services subsidiary of the telecommunications giant, and continues to tap the provider for HCNN security.

"We issued an RFP and felt that BT Counterpane had the most sophisticated security functions," noted Nick Krym, CTO at Medem. The healthcare network services provider was attracted to the extensiveness of the provider's intrusion detection and reporting functions. "When we first contacted Counterpane, [they] identified a number of places where our security procedures needed to be tightened," Krym says.

BT Counterpane provides Medem with real-time application monitoring, vulnerability scanning, and app security assessments.

Medem’s services are an obvious target for hackers looking for sensitive and potentially valuable healthcare data. "We are constantly -- at least several times a day -- getting probed by hackers and need to make sure that we are doing as much as possible to protect our data," Krym says.

Medem expects attack attempts to increase as HCNN usage rises. The alerting network came online in March, and Medem's Fotsch expects that most active physicians will have signed up for it by the end of this year. The doctors have a couple of reasons for making the switch -- the network relays information faster and more effectively than the paper system, improves patient safety by providing information to the doctors more quickly, reduces their liability risks, and eliminates paperwork.

The goal is for physicians to convert to HCNN without worrying about hackers grabbing their email addresses and flooding their inboxes with advertisements for low-cost prescription drugs or other spam.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

  • BT Counterpane