There cannot be two opinions about the impact that technology and connectivity have had on the healthcare sector. Whether it is keeping the e-records of thousands of patients or using connected devices for various purposes, connectivity has made the healthcare sector more efficient and productive. Unfortunately, it comes with a few strains.
Whether you are a computer nerd or just a casual user, you have probably at least heard of the “WannaCry” ransomware attack. It caused a massive uproar worldwide, and hospitals in the UK were not spared either. Around 15-20 hospitals were severely affected by it. The hospitals lost access to critical information such as patient records, emails, and appointments. There were even cases of patients being transferred to other hospitals. This exemplifies why web security needs attention in the healthcare industry.
Cybersecurity: A Looming Danger for Healthcare
Going by the numbers, we might be entering the most threatening times as far as web security is concerned. Not only ransomware attacks but also cyber-attacks such as man-in-the-middle (MITM) and brute-force attacks are becoming common. This danger is bound to rise as more and more smart devices come into use. More than any other sector, the medical industry must take robust action to avoid such calamities. Here is the thing: if your credit or debit card details get leaked, you can block the card, but if a medical record gets compromised, you may suffer for years. This is why online health records are sold for around 50 times the price of stolen credit card details on the Dark Web.
The current scenario is hardly encouraging. The HIMSS Analytics Healthcare IT Security and Risk Management Study indicates that only 6% of the healthcare sector’s IT budget is allocated to security measures, much lower than in other industries. As a result, cyber-attacks rose by a staggering 63% in 2016 compared with 2015.
Assessing Points of Leakage
Analysis of data from the past few years shows that there are mainly two ways in which web security can be compromised. The first is the hacking of medical devices, known as MEDJACK. The second is ransomware, which you all know pretty well.
Using the MEDJACK technique, the hacker gets access to medical devices through backdoors. This can be done using fraudulent emails, malware, and malicious websites. The life of a patient could potentially be in danger if the hacker gets access to life-support equipment or a diagnostic machine. This is extremely dangerous territory, and hospitals must proceed with extreme caution. Unfortunately, they don’t. Only 23% of organizations enforce a constant risk management program, miles away from what is needed. The majority of organizations don’t even have the capability to detect such MEDJACK attacks, let alone counter them.
A ransomware attack can potentially shut down operations within hospitals. The combination of the organization’s financial strength and the significance of electronic records makes hospitals an easy and rewarding target. As it is a matter of life and death for many, hospitals are forced to pay the ransom. As a result, almost 90% of ransomware attacks are aimed at hospitals.
Prevention Measures
Given the rising number of attacks in recent times, healthcare organizations must implement a solid action plan to prevent them. Here are the recommended measures:
- Appointing a cybersecurity specialist.
- Continuously analyzing and reporting on the state of security.
- Defining a series of actions to take if an attack occurs.
- Following government guidelines and collaborating with the government to counteract threats.
- Implementing security measures such as firewalls, SSL certificates (encryption), and antivirus software.
- Keeping operating systems, applications, browsers, etc. up to date.
- Implementing a strong password policy.
- Avoiding opening suspicious links and emails or downloading from them.
- Holding educational workshops for the staff.
Editor’s Note:
From time to time, SensorsTechForum features guest articles by cyber security and infosec leaders and enthusiasts such as this post. The opinions expressed in these guest posts, however, are entirely those of the contributing author, and may not reflect those of SensorsTechForum.