In cyberspace, no one can hear you scheme

Article

The old telephone party line is back. Now it's called the network."The near-ubiquitous remote availability of information is one of the most compelling advantages of information systems," said Dr. Paul Chang, director of radiology informatics at the

The old telephone party line is back. Now it's called the network.

"The near-ubiquitous remote availability of information is one of the most compelling advantages of information systems," said Dr. Paul Chang, director of radiology informatics at the University of Pittsburgh Medical Center.

Unfortunately, it is also a monumental security liability. Although the probability of attack is slim, the consequences of data loss are huge, he said.

But most people consider security an IT issue, to be solved by throwing more hardware and software at it.

"This is an inaccurate perspective," Chang said. "Any adequate security model transcends devices and technology. It's critical that security be integrated into user workflow."

The problem is that security is boring, in the way that car insurance is boring.

"People want to pay as little as possible for security, then hope they never need it," he said.

Chang discussed network security during a SCAR University session Friday morning, in which he outlined six areas of concern.

· Secure the environment.
"Any guy in a lab jacket can steal a baby or get to your PACS archive and network closet," Chang said.

· Secure the network. Everyone must have a firewall.

· Secure the computer and software. Run antivirus software.
"Beware of laptops, the unfaithful spouses of IT," Chang said.
Laptops are often exposed to the outside world, especially "Trojan horses" left by vendors for backdoor network access.

· Secure the computer. Install patches. Keep the operating system current.

· Secure the data. Consider rights management. Practice disaster recovery.
"E-mail without encryption is insecure, a postcard anyone can see," Chang said.

· Secure the user. Authentication is critical, but overly zealous security schemes may backfire, leading to Post-it notes with passwords stuck to monitors. No guest accounts, and no general user should have administrative rights as delivered in Windows XP.

· Auditing is important.
"How will you know something is wrong if there is no audit trail?" Chang said.

Recent Videos
SNMMI: 18F-Piflufolastat PSMA PET/CT Offers High PPV for Local PCa Recurrence Regardless of PSA Level
SNMMI: NIH Researcher Discusses Potential of 18F-Fluciclovine for Multiple Myeloma Detection
SNMMI: What Tau PET Findings May Reveal About Modifiable Factors for Alzheimer’s Disease
Emerging Insights on the Use of FES PET for Women with Lobular Breast Cancer
Can Generative AI Reinvent Radiology Reporting?: An Interview with Samir Abboud, MD
Mammography Study Reveals Over Sixfold Higher Risk of Advanced Cancer Presentation with Symptom-Detected Cancers
Combining Advances in Computed Tomography Angiography with AI to Enhance Preventive Care
Study: MRI-Based AI Enhances Detection of Seminal Vesicle Invasion in Prostate Cancer
What New Research Reveals About the Impact of AI and DBT Screening: An Interview with Manisha Bahl, MD
Can AI Assessment of Longitudinal MRI Scans Improve Prediction for Pediatric Glioma Recurrence?
Related Content
© 2025 MJH Life Sciences

All rights reserved.