There was once a belief that even in combat, hospitals were never targeted but in the hacking world, there are no such scruples. Everyone from hacktivists, cyberterrorists, students and organized crime are engaged in designing schemes that could put a system down – any system. The recent incident at Hollywood Presbyterian brings forward the issue of cybersecurity in healthcare.the issue of cybersecurity in healthcare 3

Hackers shut down the internal computer system at Hollywood Presbyterian for more than a week and only restored it once the hospital paid them a ransom. Their original demand was for a payment of 9000 bitcoins (approximately $3.7 million). Patient care was not compromised but the cyberattack did cause chaos in the whole facility. 911 patients had to be sent over to other hospitals and hospital staff had to revert to paper registrations. The hospital lost access to email, emergency rooms were affected and fax lines became jammed.

All this fiasco was created through a software called ransomware that has the ability to encrypt sensitive data. The software could only be unlocked with a keycode. As Tim Erlin, Director of IT Security and Risk Strategy at Tripwire points out, this incident highlights the fact that it is not necessary to attack the medical device to hinder healthcare. It can be done through simply disrupting the hospital system so that the facility’s ability to deliver care becomes hampered.

Another similar ransomware scheme called CryptoWall cost victims nearly $18 million. Another 56 types of cryptoransomware have appeared since 2013 and there are around 50 gangs who are engaged in schemes that target only hospitals. Kevin Haley, Director of Security Response at Symantec says that the most vulnerable spots for hiding such malware are WordPress blogs and advertisements.the issue of cybersecurity in healthcare 1

There has been much hue and cry about the Hollywood Presbyterian incident but the fact is that there are many other stories of hospital hacks in the last few years.

Beth Israel Deaconess was in the process of updating its computer system of storing medical records. This required a firmware update which a technician was hired to do. Not knowing the consequences of his actions, the technician connected the device to the Internet to download the update and went on break. When he returned, he found that the machine was packed with malware and somebody had actually downloaded 2000 patient X-rays and transferred them to a computer in China. Apparently, clean lung X-rays are hot commodities in China. Who would have thought?

Similarly, Boston Children’s Hospital was attacked by a hacker when it refused to treat a girl who was in state custody. A hacktivist group Anonymous was not too pleased with this decision and punished the hospital with a distributed denial of service (DDoS) attack that inundated the hospital’s servers with traffic. The DDos affected the entire subnet including Harvard University and all its hospitals.

In another incident, somebody made a fake website exactly like the Mass General Hospital’s payroll portal. The URL was a little different but not enough to alert the doctors who were instructed through email to go into their payroll site to authorize a bonus payment. Which they did. The hackers then simply used these credentials to change the doctors’ direct deposit information and easily withdrew their hard-earned income.the issue of cybersecurity in healthcare 2

Another surprising hacking incident occurred at Beth Israel Deaconess when a nurse downloaded Angry Birds on her Android phone. She downloaded it from a Bulgarian website that brought with it a malware. When later she logged into her work email from the same device, all her login details were recorded and her account was subsequently used to send 1 million spam messages from Harvard.edu.

These incidents make it evident that hacking is a significant problem for all industries – including healthcare. In fact, healthcare is even more vulnerable as hospital systems contain extremely personal and confidential information about patients.

As a person’s medical information is worth ten times more than their credit card information in the black market, it is important for organizations to ensure they implement adequate security measures that help reduce any risks and vulnerabilities. In addition, organizations should have security officials in place to ensure that security policies and procedures are implemented and only limited users have access to confidential information. Workforce and employees should be properly authorized and supervised and all workforce members should be trained regarding security policies and procedures. Understanding the importance of cyber security is essential and healthcare organizations need to work towards establishing IT systems that are both efficient and secure.

 

March 25, 2016

The Issue of Cybersecurity in Healthcare

There was once a belief that even in combat, hospitals were never targeted but in the hacking world, there are no such scruples. Everyone from hacktivists, cyberterrorists, students and organized crime are engaged in designing schemes that could put a system down – any system. The recent incident at Hollywood […]
March 18, 2016
9 healthcare trends advancing healthcare

Healthcare Insights: 9 Trends Advancing Healthcare

Digital Health has grown by leaps and bounds in the last few years. It appears that technology will continue to play a significant role in healthcare. Whether its wearables, apps, digital diagnostics and imaging or health data, information technology will be a big force in health management.  mHealth, eHealth, telehealth, […]
February 4, 2016
the best health technologies from CES 2016

CES 2016 : Digital Health Technologies Disrupting How Care is Delivered [Infographic]

2015 may be remembered as a year of Healthcare reform – a year full of  new health and fitness devices, mHealth Apps. We saw a huge influx of new entrants jumped in on mobile health wagon with flooded the market with wearables and  activity trackers  A Gartner, Inc. report forecasts that […]
January 21, 2016
Data analytics in healthcare

Data Analytics in Healthcare: Boon to Healthcare Reform

2015 witnessed numerous healthcare trends that redefined the industry and opened newer avenues to patient engagement. While it is yet to see what changes 2016 will bring to healthcare, it would not be wrong to say that healthcare analytics will still remain one of the primacy focus. Although with digital […]
November 25, 2015
digital health: past and future

Digital Health: Past and Future

“One thing we’re focused on is how to leverage technology to take us back to a time when there was a stronger (or maybe closer) physician and patient relationship, but with all the benefits of the modern world.”                                                                   — Michael McGarry, Director, Ascension Health The US healthcare industry is seeing […]
November 18, 2015
Internet of things and patient engagement

IoT and Patient Engagement: How IoT is Defining Three Es of Engagement [Infographic]

It’s no doubt that patient engagement is among the top healthcare priorities. For medical providers, it’s imperative to interact with their patients and empower them with the right information at the right time. A new concept named Internet of Things (IoT) has revolutionized the world with its vast capabilities of […]