Back in May, the WannaCry ransomware attack infiltrated thousands of healthcare systems in over 150 countries. The targeted institutions received message on their computers saying their media files and databases were encrypted, and the only way to get this data back was to pay a ransom in the form of bitcoins. Although cybersecurity researchers were able to infiltrate the coding, their efforts only hindered instead of outright discontinuing the malware’s rate of spreading. Evidently, this incident has been just one of many to plague the healthcare industry in recent years.
Healthcare may be the most vulnerable industry to cyberattacks than any other due to the vast array of data these facilities and organizations contain. High quantities of legitimate users can increase the likeliness for errors, leaving systems susceptible to being infiltrated. With the Internet of Things (IoT) broadening the number of electronic options and wireless connectivity outlets, several industries are taking advantage of these modern innovations. In the healthcare industry, hospital equipment, communicative outlets between patients and staff, along with means of accessing administrative and private information are all outlets being utilized by IoT connectivity. Having said that, the expansion and incorporation of Internet-connected devices also gives cybercriminals more outlets for infiltrating databases and other computerized systems that modern healthcare facilities contain.
Cyberattacks targeting healthcare facilities can have catastrophic impacts on individual patients by disrupting the continuity of their care, along with compromising personal data like their names, social security numbers, and residential addresses. Among the most vulnerable healthcare facilities are small pediatric practices, since many have finite financial resources to stay above recommended security thresholds. Although physicians are required by federal law to report data breaches to the Department of Health and Human Services (DHHS) Office of Civil Rights (OCR), industry experts believe up to half a million medical records of children and young teens are currently available for purchase on the black market and dark web.
OCR reporting records for pediatric patients are below that figure, suggesting many healthcare providers might not even be aware their patient data has been compromised. Cybercriminals can use stolen medical records for a variety of illegal activities like tax fraud, along with medical and financial identity theft. This makes children especially vulnerable since years or decades could pass before they even become aware their data was stolen. This is especially the case when their healthcare provider is oblivious to being infiltrated.
The federal government perceives cybersecurity as a joint responsibility among all sectors that collect, maintain, and/or create data and information within computer systems. A mandate for the DHHS to establish a healthcare industry cybersecurity taskforce was instated through the Cybersecurity Information Sharing Act of 2015, which addresses the looming threat of cyberattacks over the healthcare industry.
In June, the taskforce unveiled a report on improving cybersecurity in healthcare, which featured over 100 recommendations. The office of the National Coordinator for Health Information Technology also issued 10 tips for proper maintenance of cybersecurity in healthcare.
Filed Under: Cybersecurity, M2M (machine to machine)