Healthcare Website Security & Foreign Hackers


Internet Security | Vanguard CommunicationsFoiling foreign hackers
In 2013, Vanguard Communications invested tens of thousands of dollars into health care website security for our clients and without anyone’s advance knowledge. Why? Good question with a complex answer.

Last month Time Magazine named Pope Francis as its Person of the Year. Had it been up to us, we would have instead named the Internet hacker as POTY for 2013.

We’re now learning that in the Christmas shopping season, customers of not only Target but also Neiman Marcus may have had their credit card information comprised – an estimated 70 million total. Security experts are speculating that the perpetrators are Russian, as some of the code was written in that language.

In addition, in 2013 hackers stole financial and/or sensitive personal information from the websites of Twitter, Facebook, Google, J.P. Morgan and the central bank of China.

Last year hackers also broke into – and in some cases, brought down – the websites of Google, Apple, Microsoft, the New York Times, the Washington Post, the New York Stock Exchange, Nasdaq, VISA, J.C. Penney and the Federal Election Commission.

 Hackers cross a new threshold

In many ways, 2013 was a turning point in hacking and online privacy, with enormous consequences for the healthcare sector. Internet hacking became a worldwide growth industry last year in part because it is getting easier to do. Hacking is generally an automated process performed by special software called robots, which roam (or “crawl”) the Internet at lightning speed, looking for holes in websites and databases to exploit.

The latest hacking skills and techniques can be acquired and deployed from anywhere on the planet with Internet access. You can easily guess which country is the biggest hacking bullseye: “Hackers from China, in Russia, Syria, you name it, are constantly targeting U.S. websites,” David Levinthal of the Center for Public Integrity said on CNN “New Day.”

The good news is that by design, Vanguard’s clients’ websites generally hold very little to none of the most valuable data sought by hackers, specifically detailed personal health information. The more worrisome news is that once a hacker’s robot is unleashed on the Internet, it is typically agnostic about which website it penetrates and foils – if it can break into the site, chances are that it will.

Additionally, some security experts say that health information can be as much as five times more valuable to hackers as financial information, due to the lure of gaining illicit access to prescription drugs.

Added to growing security risks is the increasing speed of technological advancements. This makes our job harder and more expensive. For example, Google recently told Wired Magazine that it changes its search-engine algorithm 550 times per year. Imagine how much work this adds to our responsibilities in keeping our clients’ web pages high in Google rankings.

 Adding more locks to website security

For all these reasons and more, in 2013 Vanguard voluntarily invested in considerable website and technology upgrades for our clients, to the tune of thousands of dollars per site. The upgrades include:

1. New software for website forms that add new security for the storage and transmission of patient information received via the forms and also add administrative features of managing incoming website requests.

2. New hosting for client websites. This is a big one; the hosting company we’d been using for several years was sold in 2013, and immediately pages on our client websites began loading more slowly. We suspected that the new owner was cutting costs by jamming more websites onto fewer web servers, thus clogging the server processors.

You may recall part of the controversy of the website launch over pages taking 8 seconds or more to fully display in a visitor’s browser. Soon after the sale of our hosting company, we found pages taking as long as 15 seconds to load.

We have reduced page load time to less than 2 seconds for almost all pages, partly because of the new hosting service but also due to the upgrade in the next point. (If you find your website taking longer than 2 seconds, it may be due to the speed of your Internet connection, not the server speed.)

3. A new, third-party backup system for websites. As of this month, we will be backing up websites daily to the cloud independently of our website hosting servers. Therefore, if there’s ever a security problem on the hosting servers, we will have separate copies of every website stored on another company’s server computers. We also will keep a copy of every backup for 60 days, giving us not one but essentially 60 copies of every website.

4. Deployment of a new website caching system (requiring an extra server) with two benefits – a) reduced page load time (per the above point), and b) improved anti-hacking security. Caching means that web pages are saved in special computer memory for faster loading and other advantages, including (in this case) monitoring and blocking suspicious activity. Below is a sample report for one week’s monitoring on one client’s website, showing 45 security threats in just seven days from origins as far flung as Brazil, Puerto Rico, Russia and Sudan.

5. New keyword ranking software, that allows our search-marketing team (search engine optimization and search engine marketing specialists) to more precisely monitor and adjust the ranking of individual web pages on our clients’ sites for higher rankings on Google and other search engines for multiple search terms.

6. Lastly and most costly, a dramatically different methodology for managing, upgrading and safeguarding websites known variously as source control, version control or revision control. As you probably know, we use a website software called WordPress for almost all our clients. Because WordPress is known among web developers as “open source” software, anyone can develop and sell or give away customized software for WordPress websites. Known as plug-ins, such customized software adds extra security and functionality features on an `a la carte basis.

However, open-source software is a double-edged sword; newly developed WordPress software often conflicts with other software and with certain browsers, sometimes causing the site to render improperly or break.

As a result, over the last six months we have been upgrading client sites to what we call the Vanguard Source-Control Platform, ensuring that all WP software and plug-ins interoperate without conflict and also guaranteeing that each site will have the latest security updates from the official WordPress development team. (WP updates are issued multiple times annually and should consequently be installed and configured on every WP website for compliance.)

 Our investment in Internet security

These changes have more than tripled our monthly costs for website maintenance. We have absorbed all the costs. Why? We consider it our mission to provide the most reliable, state-of-the-art websites reasonably available and to provide your patients with the best, most private online experience reasonably possible.

Today’s specialty health care providers cannot prosper without competitively informative and useful state-of-the-art websites, as evidenced by the fact that virtually all our clients experience five to ten times (or more) visits to their websites each month as in-person visits to their clinics.

As the cost of technology continues to rise, Vanguard is forced to allocate scarce resources ever more carefully. Every year, third-party tech vendors are either increasing their fees or cutting the quality of services.

Without making absolute promises, of course, we will nonetheless continue shielding our clients from these kinds of increased expenses as much as possible. Meanwhile, we pledge our best efforts in keeping the cyber thieves at bay.

Vanguard considers our client’s security our #1 priority

Protect your website and protect your patients’ information with Vanguard’s suite of security features for websites and online forms. Our PHI Security Suite offers the highest meaningful level of Internet security, satisfying and surpassing HIPAA standards.

Learn about our PHI Security Suite Contact us