In 2016, over 16 million patient records were stolen from healthcare organizations. Then early in 2018, a ransomware attack crippled Britain’s National Health Service by locking up its computers, which held their records and booking systems. None of this should come as any surprise though—the healthcare industry is the fifth most targeted industry when it comes to cyberattacks.
As if it wasn’t bad enough that health data and services were at risk, human lives are also being affected by these cyberattacks. This is something that people were aware of as early as 2007. At that time, then Vice President Dick Cheney’s implanted heart defibrillator was modified to avoid “death by hacking”. The issue was raised again recently, with the warning that any medical device that’s connected to a network could be hacked, everything from MRI machines to electric wheelchairs.
Today, connected technology is growing even more embedded in healthcare. This means that cyberthreats will continue growing. We shouldn’t fear technology though. Instead, we need to gain a better understanding of it. We also need to work towards finding an answer to the question,
“How can we protect healthcare from attacks?”
Why the healthcare industry is under attack
To understand all of this, we must first understand why the healthcare industry is under attack in the first place. Of course, we must also understand that the healthcare industry isn’t alone. Any organization that uses computers is at risk of a cyberattack. However, the reason that so many hackers are going after the healthcare industry itself today is that it is classed as national critical infrastructure. This places it right up there alongside water, electricity, and transportation networks. Any hacker who wants to create chaos will attack these infrastructures, especially if the hacker is from a hostile foreign country or the infrastructure is connected to other critical facilities.
There are also a lot of opportunities for cyberattacks in the healthcare industry because it’s so dependent on technology. This ranges from computer systems and hospital equipment to fitness monitors and devices like pacemakers that are embedded in the human body. The number of such devices is rapidly growing today because they instantly provide useful information and instructions to medical staff. This is also what makes these devices so dangerous: their information is necessary for critical procedures and treatments. For instance, if a hacker interfered with a robotic surgical tool’s signals, the results could be devastating.
Understanding the risk cyberattacks pose to the healthcare industry
Understanding why the healthcare industry is under attack allows you to see where such attacks are coming from. But now, you may wonder why you should be so concerned about them. The answer lies in the risk that these cyberattacks pose, some of which was already mentioned. However, the risk goes much deeper.
It’s important to see that the most common threat to the healthcare industry today is actually data theft. This usually starts in much the same way as a phishing attack. For instance, if you’re a doctor with access to patients’ charts, a cyberattack may start with you receiving an email that convinces you to click on a link or open an attachment. In doing so, a small piece of software, known as malware, is installed on your computer. Once there, the attacker can use it to gain access to your office’s financial, administrative, and clinical information systems.
Sometimes, this malware is a type of “ransomware” that locks you out of your computers, demanding that you pay money if you want to be allowed back into them. However, it can also develop into an “advanced persistent threat”, meaning the malware goes unnoticed so the attacker can stay in contact with your system. It can then spread throughout your network even if you detect and remove the original download. This allows the attacker to steal information and watch, in real time, everything that happens on your network.
Attackers can also enter your network and then move to other medical devices and equipment, including ventilators, X-ray machines, and medical lasers. They do this by creating what’s known as a “backdoor” through which they can maintain access to your network even if you update your software or improve its security.
Phys.org says a day is also coming when attackers can use artificial intelligence to mount more complex attacks. For instance, hackers could use this to block a healthcare network’s algorithms or replace them with fake algorithms. This is dangerous since these algorithms are typically used in managing prescriptions and drug libraries.
Dealing with cyberattacks on the healthcare industry
Seeing how dangerous such attacks are, it’s important to understand how cybersecurity solutions empower healthcare.
Since most cyberattacks in the healthcare industry are missile attacks, they’re difficult to track down. For instance, in the past, Nyetya, as named by Cisco’s Talos threat intelligence team, has been one such ransomware attack that crippled healthcare systems. Such attacks cause significant damage, which is why it’s important to be proactive nonetheless. The obvious way of doing this is by building cybersecurity into information technology strategies. Unfortunately, healthcare systems are no different from other businesses in the problems they face when it comes to working with technology today.
Even when you feel like you’ve got a grip on a security problem, another one will often appear. When you solve one problem, many others tend to pop up out of nowhere. This is because these systems are designed by humans for humans to use. As such, human error makes them vulnerable by default.
No matter how much you know or understand about the vulnerabilities the healthcare system faces because of technology today, you can’t stop one person from making a devastating error. All it takes is one person clicking on a rogue attachment to let malware disrupt your whole system. These mistakes should never go unreported, no matter how fearful you are of legal costs and responsibilities. You never want to pay a hacker’s ransom either. Your company’s reputation depends on understanding the true extent of the threat and then taking the right proactive measures. In doing so, you’ll also help build people’s trust in you.