"That association isn't as clear in health care," said Elliott. "There are a lot of things that are done in the name of good medicine and in the name of the patient. For doctors, nurses, physicians, their first priority is patient wellness, and they need ready access to data. Any security controls can possible get in the way and hinder their core purpose."
How do developers go about fixing the issue when there really is no incentive for them to do so? Elliott said, "What is the incentive to impact change? Who is enforcing them to do this well? There is obviously some regulatory component, but who is making sure that when they build product they are building in security from day one?"
Unfortunately, there are many developers right now that won’t do anything unless they are forced to do it, said Elliott. "Many will do the minimum they have to do. Fundamentally the smaller companies need to try to get larger organizations to have a much more aggressive process that will trickle down," he continued.
While vendors continue to profit from rushing products to market, patients--whether it is their data, health, or cells--will remain at risk.
Sign up for Computerworld eNewsletters.