At first, the typical criminal was a scary guy with a big gun who robbed banks and random victims in dark alleys. Then there were the black hat hackers capable of stealing money and personal information from financial organizations and countless people in the blink of an eye, without even leaving their homes. The internet has brought equality: it doesn’t matter if you are an investment banker in New York or the typical working-class family in the Midwest, you run into the same risks of being hijacked by stealth criminals who hide behind their computers all over the world.
As if that wasn’t enough to scare you, the latest trend in cyber threats is even more serious, because it doesn’t only threaten your money, but your very health—possibly even your life.
Our world is filled with the data that our internet-connected devices generate, and we have come to depend on it for carrying out our daily tasks. While this has upgraded our efficiency and opened new opportunities, it has also made us more prone to danger than ever before. Can you imagine hackers controlling your smart home or your connected car? Then try to think what would happen if they could exploit your health data, or perhaps an implanted medical device, like your father’s pacemaker.
Healthcare – a New War Zone
While financial institutions and global corporations dedicate immense amounts of money to protect their data from electronic attacks, most hospitals and doctors’ offices still rely on old software and typically don’t bother instructing their employees or patients about online safety.
This has rendered them an attractive target for cybercriminals, even more so as healthcare providers are pressed to respond fast in order to save their patients’ lives (and also guard themselves from potential litigation). Hackers encrypt the data to lock computers, making them inaccessible to hospital staff, and then demand a ransom.
From February to April 2016, dozens of US hospitals fell victim to these attacks. The Hollywood Presbyterian Hospital in Los Angeles, for instance, was virtually on lockdown for 10 days after the Locky virus took every single computer hostage, preventing physicians from accessing their patients’ records until the ransom was paid. A similar incident took place later at the Methodist Hospital, Kentucky, a 217-bed critical care facility. In March, the IT system of 10 hospitals belonging to the MedStar Health Inc. chain, in Washington DC, was infected by a virus, and staff couldn’t log into their computers for several days.
The Sixth Annual Benchmark Study, conducted by the Ponemon Institute and published in May 2016, revealed that almost nine out of ten healthcare institutions examined had a data breach in the previous two years, and 45% suffered more than five incidents during the same period. The researchers estimated that the potential costs of these breaches to the healthcare industry could reach $6.2 billion a year.
Another study, which lasted two years and was carried out by the firm Independent Security Evaluators, showed that 100% of the institutions that agreed to participate had critical security vulnerabilities that could result in patient harm or death if exploited. During the experiment, white hat hackers triggered false alarms that could lead physicians to administer unnecessary treatment, causing harm instead of good.
It’s Time for Doctors to Become Cyber Intelligent
The latest incidents have revealed a new malware distribution method that hackers are using. This time, no one needs to click a dubious link on a web page or in an email; hospital systems were infected through an unpatched vulnerability on the server side, with no human interaction at all. The hospitals became victims simply because they used outdated software on their servers.
At the moment, the healthcare industry is most commonly targeted by ransomware attacks. With cloud computing, telemedicine, and electronic patient records becoming more widespread, new threats are imminent. Artificial Intelligence, robotics, augmented and virtual reality, smartwatches/activity trackers and other wearable devices will hugely improve the efficiency of health care in the future. At the same time, they will open the gates for a new level of cyber attacks.
The need to transmit and store the massive amounts of data generated in the new, connected world, and our increasing dependence on that data, demand serious attention. During a heart catheterization procedure in February 2016, the medical computer crashed because the antivirus software launched a scan in the middle of the operation, freezing access to critical patient data. Luckily, the doctors managed to finish the procedure, but this is a striking example of why the IT and healthcare worlds must collaborate more closely if they are to successfully deal with the challenges that lie ahead.
In the digital world, hospitals need more than physical disinfection to protect their patients. IT literacy should be acknowledged as an essential professional requirement, as should educating clients and staff about the dangers of cyber-crime. Doctors should take responsibility for safeguarding their customers’ data.
Don’t Bolster the Beast
On the other hand, Millennials, who grew up in a connected world where the internet and social media are a key part of daily life, tend to overshare personal information online, exposing themselves to hackers.
It’s a lost battle against cyber criminals if we don’t claim ownership of and responsibility for the security of our private data, whether on social media or on our electronic devices. Simple behaviors like keeping our software up to date, avoiding accessing sensitive data when connected to public networks, keeping an eye on the latest threats, and being more conscious about the information we share online are essential in protecting ourselves, our friends, and our family from cyber-crime. Then technology will be a tool for progress, not destruction.
The article was first published on DZone.