Researchers discovered about 300 hospitals have experienced a data breach which resulted in an additional 36 deaths per 10,000 heart attacks occurred annually.
In India last year Mahatma Gandhi Memorial hospital, Mumbai was affected by a cyber-attack where the hospital administrators found their systems locked, and noticed an encrypted message demanding ransom in Bitcoins to unlock it. The hospital had lost 15 days data related to patient history and billing.
Why go for health care information? Why not financial information?
If you ever notice a fraud in credit card today you can close the card and have a new one in a matter of days. It’s really not the bigger inconvenience. But your electronic health record not only has you credit card number, it includes your address, your employer and insurance information and hacker could not just use the credit card in your name, could potentially take a bank loan or get high prices narcotics for your medical insurance. How do you protect against that? How do you change your name, address on your employer? Well, you can’t and that’s what makes that information so much more valuable. Personal health information or PHI has great Values on Black market.
A Global ransomware attack, known as WannaCry affected more than 2,00,000 computers in at least 100 countries. The ransomware attack affected 80 out of 236 medical institutions further 603 primary care and other health service organizations.
Why are hospitals vulnerable?
Due to the lack of internal IT workforce hospitals use convenient services such as OpenEMR, OpenMRS or similar web applications. This technology’s rapid adoption triggers the rise of the threats. They can be customized for medical practice management. These platforms are not licensed and can be used commercially without any restrictions. The source code is available to software developers and is compliant with industry standards. Some of the most vulnerable machines are the Magnetic Resonance Imaging (MRI), drug infusion pumps, defibrillators and X-Rays. The reports can be altered in seconds without the technicians and the doctors ever knowing.
How is information stolen from hospital and health care centers?
Cyber criminals use Malware and Ransomware to shut down individual devices, servers or entire networks.
An increasing amount of protected health information is stored on the cloud, without proper encryption this is a weak spot for the security of healthcare organizations.
Huge amount of emails are sent from seemingly reputable sources to obtain sensitive information from users. These are known as phishing attacks.
While encryption is critical for protecting health data, it can also be used as a blind spot where hackers can hide from tools meant to detect breaches.
The countries that faced the most number of attacks were Pakistan, Egypt, Mexico, Indonesia and Spain. India and Bangladesh round up to the top 15.
It is predicted that in 2025 most hospitals have the ability to network connect more than 90% of their devices. But is it useful if our information is not safe?
Do you think your personal health information is safe? Are hospitals and health care centers keeping it protected?
Comments