"They should have never, ever been connected to the Internet"
Is incorrect.
The proper way of putting it is that "They should have never, ever been connected to the Internet in a manner that permitted close interaction with the data sets and IP ports associated with the collection and correlation of the data."
Distribution of the data, or correlation of data sets can be published without exposing the underlying data sets or data collection systems to malicious manipulation.
It is the lack of infrastructure, management, and control of the "publishing" vs. the collection and data set systems themselves that become an issue here.
The MRI machine should be permitted to talk to the Medical Center maintained data storage systems, ONLY. These Data Storage systems should only be allowed to talk to "Middleware" systems, also maintained by the entity.
the Middleware or interpretive systems should only be able to talk through port, protocol and data specific IPS systems before it actually leaves the facility.
It is unfortunate that most communities do not recognize the need to issolate their data in this manner, thus the exposure. If, in this era of "virtualization" of services within a single physical server, this was recognized, but the OS and HW manufacturers, then this type of liability could be a thing of the past....unfortunately, this is not true. Nor is it true in companies that do not virtualize servers/services with a single IP address with many ports open to investigation.
Discussion on:
Message 5 of 1
IBM Sponsored Resources
Resources from our Sponsor
- Oracle Exadata vs IBM: Netezza Compared
- Forrester TEI Report
- CIA Whitepaper
- Harnessing the Power of Advanced Analytics
- Tapping into Unleashed Business Potential with Advanced Analytics
- Unlock Analytic Performance with Revolution R for Enterprise and IBM: Netezza Data Warehouse Appliance
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
