There was once a belief that even in combat, hospitals were never targeted but in the hacking world, there are no such scruples. Everyone from hacktivists, cyberterrorists, students and organized crime are engaged in designing schemes that could put a system down – any system. The recent incident at Hollywood Presbyterian brings forward the issue of cybersecurity in healthcare.the issue of cybersecurity in healthcare 3

Hackers shut down the internal computer system at Hollywood Presbyterian for more than a week and only restored it once the hospital paid them a ransom. Their original demand was for a payment of 9000 bitcoins (approximately $3.7 million). Patient care was not compromised but the cyberattack did cause chaos in the whole facility. 911 patients had to be sent over to other hospitals and hospital staff had to revert to paper registrations. The hospital lost access to email, emergency rooms were affected and fax lines became jammed.

All this fiasco was created through a software called ransomware that has the ability to encrypt sensitive data. The software could only be unlocked with a keycode. As Tim Erlin, Director of IT Security and Risk Strategy at Tripwire points out, this incident highlights the fact that it is not necessary to attack the medical device to hinder healthcare. It can be done through simply disrupting the hospital system so that the facility’s ability to deliver care becomes hampered.

Another similar ransomware scheme called CryptoWall cost victims nearly $18 million. Another 56 types of cryptoransomware have appeared since 2013 and there are around 50 gangs who are engaged in schemes that target only hospitals. Kevin Haley, Director of Security Response at Symantec says that the most vulnerable spots for hiding such malware are WordPress blogs and advertisements.the issue of cybersecurity in healthcare 1

There has been much hue and cry about the Hollywood Presbyterian incident but the fact is that there are many other stories of hospital hacks in the last few years.

Beth Israel Deaconess was in the process of updating its computer system of storing medical records. This required a firmware update which a technician was hired to do. Not knowing the consequences of his actions, the technician connected the device to the Internet to download the update and went on break. When he returned, he found that the machine was packed with malware and somebody had actually downloaded 2000 patient X-rays and transferred them to a computer in China. Apparently, clean lung X-rays are hot commodities in China. Who would have thought?

Similarly, Boston Children’s Hospital was attacked by a hacker when it refused to treat a girl who was in state custody. A hacktivist group Anonymous was not too pleased with this decision and punished the hospital with a distributed denial of service (DDoS) attack that inundated the hospital’s servers with traffic. The DDos affected the entire subnet including Harvard University and all its hospitals.

In another incident, somebody made a fake website exactly like the Mass General Hospital’s payroll portal. The URL was a little different but not enough to alert the doctors who were instructed through email to go into their payroll site to authorize a bonus payment. Which they did. The hackers then simply used these credentials to change the doctors’ direct deposit information and easily withdrew their hard-earned income.the issue of cybersecurity in healthcare 2

Another surprising hacking incident occurred at Beth Israel Deaconess when a nurse downloaded Angry Birds on her Android phone. She downloaded it from a Bulgarian website that brought with it a malware. When later she logged into her work email from the same device, all her login details were recorded and her account was subsequently used to send 1 million spam messages from Harvard.edu.

These incidents make it evident that hacking is a significant problem for all industries – including healthcare. In fact, healthcare is even more vulnerable as hospital systems contain extremely personal and confidential information about patients.

As a person’s medical information is worth ten times more than their credit card information in the black market, it is important for organizations to ensure they implement adequate security measures that help reduce any risks and vulnerabilities. In addition, organizations should have security officials in place to ensure that security policies and procedures are implemented and only limited users have access to confidential information. Workforce and employees should be properly authorized and supervised and all workforce members should be trained regarding security policies and procedures. Understanding the importance of cyber security is essential and healthcare organizations need to work towards establishing IT systems that are both efficient and secure.

 

March 25, 2016

The Issue of Cybersecurity in Healthcare

There was once a belief that even in combat, hospitals were never targeted but in the hacking world, there are no such scruples. Everyone from hacktivists, cyberterrorists, students and organized crime are engaged in designing schemes that could put a system down – any system. The recent incident at Hollywood […]
March 18, 2016
9 healthcare trends advancing healthcare

Healthcare Insights: 9 Trends Advancing Healthcare

Digital Health has grown by leaps and bounds in the last few years. It appears that technology will continue to play a significant role in healthcare. Whether its wearables, apps, digital diagnostics and imaging or health data, information technology will be a big force in health management.  mHealth, eHealth, telehealth, […]
March 10, 2016
HIPAA compliance for health applications

What Every Health Entreprenuer Should Know About HIPAA

Most entrepreneurs perceive Health Insurance Portability and Accountability Act (HIPAA) standards to be a hurdle that would be difficult to overcome and may hamper the success of their venture. This however, is really not the case. HIPAA is fairly easy to deal with IF the venture operates with the goal […]
February 25, 2016
develop your Own electronic medical records

Should You Build Your Own EMR?

As a physician, you need to remain extremely proactive when it comes to complying with the healthcare regulations and minimizing the cost associated with patient care. In order to reduce the amount of paperwork and improve overall quality of care in a practice, it’s important to implement an EMR system […]
February 10, 2016
summary of the HIPAA privacy rule

A Definitive Guide to HIPAA Privacy Rules

Just recently, we talked about HIPAA Security Rules, the national standards that require healthcare organizations and the associated businesses associates to protect the Electronic Protected Health Information (ePHI) of an individual. Now, it’s time to have a brief discussion on HIPAA Privacy Rules. You already know that whereas security rules […]
February 4, 2016
the best health technologies from CES 2016

CES 2016 : Digital Health Technologies Disrupting How Care is Delivered [Infographic]

2015 may be remembered as a year of Healthcare reform – a year full of  new health and fitness devices, mHealth Apps. We saw a huge influx of new entrants jumped in on mobile health wagon with flooded the market with wearables and  activity trackers  A Gartner, Inc. report forecasts that […]