Availability of clear requirements for information security. Medical data is one of the most sensitive categories of information: it falls under both a special category of personal data (PDn) and medical confidentiality.
Low level of automation of information support of state medical institutions. In most cases, the equipment they have is outdated and heterogeneous.
Industry-unique devices, software, protocols, and communication standards. They also need to be protected because they can store and exchange sensitive data with each other and the local area network.
Information security in medicine is often given secondary attention. For example, unprotected information exchange between the laboratory and the attending physicians is the norm. In other industries, this would be unacceptable. Here, the speed of obtaining medical information is more critical than confidentiality.
Typical information security violations in the healthcare industry
The most common scheme of violations in healthcare is collusion with funeral organizations to sell them data on deceased patients. Less common are negligent handling of medical confidentiality (transfer to unauthorized persons, violations in the disposal of documents) and the introduction of false entries into medical information systems (MIS). The most common violators are junior medical personnel, employees of dispatch services and pathology departments. Let's consider cases and elements of crimes.
Selling medical data is the transfer of highly sensitive health information to third parties for a fee. Liability depends on the qualifying article:
Unlawful influence on critical information infrastructure. A fine of up to 1 million rubles or restriction of freedom for up to 2 years or imprisonment for up to 10 years.
Unauthorized access to computer information. A fine of up to 500 thousand rubles or restriction of freedom for up to 4 years or imprisonment for up to 7 years.
Violation of privacy. A fine of up to 350 thousand rubles or arrest for up to 6 months, or imprisonment for up to 5 years.
Receiving a bribe. Imprisonment for up to 15 years, depending on the size of the bribe.
Here are some cases of these violations.
Unlawful impact on critical information infrastructure: IT specialists of the ambulance service sold data to the owner of a funeral home. To do this, they installed spyware that downloaded patient data and ambulance routes. The offenders were sentenced to a fine of 350,000 rubles, according to the appellate ruling of the Orenburg Regional Court in case No. 22-459/2023.
Taking a bribe: a pathologist sold data on deceased patients to a funeral home owner for a large sum. The culprit was fined 7 million rubles and sentenced to a long prison term.