In: Accounting
The health industry is in serious peril of
hacking. Please read the below articles as well as find at
least two others that discuss theft of media cal data or threats to
medical equipment such as pacemakers,etc.
What are the issues? Why are we vulnerable? What kind
of harm can theft of medical information/interference with medical
devices cause? How do consumers stay
Why hackers are going after health-care providers
The health-care sector has a lot of information that could be valuable to criminals and that makes them a juicy target.
First, they often have a bunch of personal information that could be use for traditional financial fraud -- things like your name, social security number, and payment information. But they also have health insurance information, which can be sold for even more on online black markets because it can be used to commit medical fraud -- things like obtaining free medical care or purchasing expensive medical equipment -- that often isn't caught quite as quickly as credit card or bank account fraud.
A particularly plucky cybercriminal could even find a way to leverage compromising medical information guarded by health-care providers into a blackmail scheme -- although that hasn't become a major avenue for attack yet, according to Ben Johnson, co-founder and chief security strategist at cybersecurity Carbon Black.
However, several U.S. hospitals have also now been hit with ransomware, a type of malicious software that basically lets an attacker hold a computer hostage. Once ransomware gets in a system, it starts quietly using hard-to-break encryption to lock up the information stored there -- making information inaccessible to the legitimate user. After the software has finished locking things up, it typically pops up with a message demanding a payoff in a difficult-to-track digital currency like bitcoin in exchange for the digital key needed to get back into the data.
This is a particular type of nightmare scenario for health-care providers because more and more of them rely on electronic medical records to keep things up and running.
Just how vulnerable is the health-care sector to cyberattacks?
Things aren't looking good.
According to cybersecurity firm TrendMicro, health care was the sector that was hit hardest by data breaches from 2010 through 2015. Not all of those breaches involved hacks -- two-thirds were actually due to the loss or theft of things like laptops, smartphones, or thumb drives -- but it still demonstrates a major problem with the way the industry approaches keeping data safe.
"It's a big environment with a lot of different pieces -- and not a lot of investment in cybersecurity," said Johnson.
Part of the problem is that hospitals and doctors' offices often have to oversee a mishmash of different types of equipment running different types of software -- and they can't always apply standard security practices, like regular updates, without risking instability because it might break the connections between systems, according to Jay Radcliffe, a senior security consultant at cybersecurity company Rapid7.
What is the health-care sector doing to fix all this?
The industry has its own groups dedicated to helping coordinate how it responds to cybersecurity threats, including the National Health Information Sharing and Analysis Center, or NHISAC, which was founded in 2010. Those sort of efforts are useful because they can help industries work together to help stem the spread of a particular type of threat early on.
And there is at least one bright side of all the recent breaches and hacks in the health-care sector: "They're really waking up to the fact that they are a huge target," said Johnson.
But, unfortunately, that awareness is just part of the problem. Even once an organization has committed the funds to build up their digital defenses, it can be difficult to plot the best path forward, according to Johnson, because it takes time to figure out which tools to put in place and whom to hire.
The latter part can be difficult for health-care providers because there's a shortage of security professional across all industries.
"I've literally talked to health-care organizations that have 300 open security positions, and are struggling to fill even a handful of them," said Johnson.
"It's going to be a rough few years," he said.
we have to do following to stay safely
Make sure the devices on your networks are up to date
Use stronger passwords
Use two-factor authentication
Don’t click on links or open attachments from untrusted or suspicious sources
Regularly backup important files