The eHealth Vulnerability study released today sounds self-serving, but does make clear that health IT is something of a technology backwater where security and patching has yet to catch up with supply or demand. The group represents existing players in health care, security and IT, rather than the groups seeking to mandate use of electronic health records. What their report (PDF) finds, basically, is that routine patches often aren't made to hospital programs, that standard security monitors often aren't used, and that no one group has yet established best practices, especially in the area of securing the data. In some ways this is a chicken-or-egg situation. You need a market before you can build the bureaucracies needed to monitor it -- even...