Home » News
Receive News By Email

  • del.icio.us
  • Digg
  • StumbleUpon
  • Reddit
  • Facebook
  • Google
  • RSS Icon
  

Twitter risks not unique

July 31, 2009 | Molly Merrill, Associate Editor
From the August 2009 print issue

As with anything on the Web, Twitter has its security issues – and hospitals have to be on the alert.

Amit Klein, Internet security researcher and chief technology officer of New York-based security firm Trusteer, warns that hospitals in particular should be “extra wary” of Twitter security risks because the impact can be “widespread and severe.”

A hospital’s Twitter account can be compromised as a result of phishing attacks, third party feeds and malware, said Klein.

Klein said third party feeds are dangerous because there’s less control over security measures. “If you rely on third party content, and that content is compromised, it becomes part of the content that you deliver,” he said.

As an alternative, Klein recommends that hospitals manually “re-tweet” the information rather then share their credentials.

Tom Stitt, managing director for aperial, a site that focuses on planning and building open-source social networks for healthcare organizations, said the concern is a valid one for hospitals but not unique to Twitter. Problems can occur with any third-party Web service hosted outside the hospital firewall, such as Facebook or YouTube.

According to Stitt, most of the incidences where Twitter accounts have been compromised involve:

  • weak or obvious password;
  • the inadvertent release of passwords; and
  • security breaches involving third party Twitter clients.

Ed Bennett, a Web strategist at the University of Maryland Medical System, said he is unaware of any security breaches involving hospitals and sites like Twitter. Bennett keeps a blog called “Found in Cache,” which keeps a tally of hospitals using social networking.

“To me a bigger security issue would be could someone compromise my Twitter account and get into patient information,” said Bennett.

He said he has yet to figure out how someone could get credentials from Twitter and use that to access patient information. “They are completely disconnected systems,” he said.

Klein recommends that hospitals protect their Twitter accounts by using security software. “This considerably reduces the probability of your account being hijacked,” he said.

“Twitter can be used securely,” added Klein. “You just need to follow some guidelines on some procedures.”

 

Related Topics:

Reader Comments (0)Login to Post a Comment