Internet-connected devices have a high risk of being attacked: on average there is a hacker attack every 39 seconds. That becomes more unsettling when you consider that hospitals and doctors’ offices around the world use internet-connected devices to input and track a patient’s health history. Additionally, those in healthcare keep more than health history; they also maintain a patient’s personal information: address, Social Security number, credit card information, etc. Imagine what would happen if those devices and the network suddenly stopped working and all that data were gone.
According to the Herjavec Group, more than 93% of healthcare organizations have experienced a data breach over the past 3 years. They state that, after ransomware attacks on small medical practices, several practices decided that it would be better to shut their doors.
Just in 2018, the malware known as WannaCry targeted many big companies and shut down several major hospitals in London, forcing the hospitals to cancel hundreds of operations and appointments and to constantly turn away patients at the door. This resulted in hundreds of millions lost in revenue for the hospitals and could potentially have caused serious harm, if not death, for some patients.
Securing a hospital’s network and devices not only protects against the financial implications of losing data to hackers, as mentioned above, but also protects the lives of patients. A hack of a hospital’s network would not only risk the financial loss of millions of dollars, but could also kill someone. Recently it did just that.
A hack on a Duesseldorf hospital’s network caused a gradual crash of the system, requiring a woman in urgent care to be transferred to another town’s hospital – more than 20 miles away – for treatment. She died soon after arriving.
This is just one instance of the dangerous effects of not investing in or properly protecting a sensitive network system, especially a healthcare system. As hacking cases increase and aim particularly at vulnerable systems, it is more important now than ever to make information security the central focus of healthcare systems. To not do so is negligence on their part, and will play a role in the outcome that will clearly soon follow.
Besides the financial risk from losing access to patients’ data and the potential loss of life, the other risk is the data itself. If patients’ records are taken, it would be an extreme invasion of privacy and could lead to an increase in identity theft. This could have even more devastating effects on patients and hospitals.
Use the most recent devices and software
As mentioned in the WannaCry article, the Royal London Hospital that was affected by the hack was still using Windows XP in 2017. The issue is that older systems give hackers more access points, creating multiple points of vulnerability that would not exist in newer systems. While your devices may not have to be replaced every year or two, they should be updated to the newer system when it is offered, as it provides a much more secure network than prior ones.
Invest in cybersecurity
This may sound confusing, but every healthcare network should have a team of IT officials who spend part of their time on increasing the network’s cyber defenses, or it should contract a cybersecurity business to increase defenses and monitor for attacks. Additionally, networks should consider obtaining cybersecurity insurance in case they get hacked and lose sensitive data to hackers, or have to pay a ransom to regain their data. Implementing these recommendations would create a stronger defense than what was previously there, allowing patients to feel more secure.
Final Thoughts on Healthcare Cybersecurity
Anyone in cybersecurity knows that preventing a cyber-attack is near impossible. But they also know that there is a lot that can be done to increase the security of valuable data and limit the disastrous effects of an attack. While there is nothing that can be done about previous attacks, hopefully healthcare officials will realize the implications of not taking action sooner and the potential liability they will face if they do not take effective action.
The next time you visit your doctor’s office or the hospital, you might want to ask them how they are protecting your information in their system. If they weren’t taking network security seriously before, then they sure will after patients start expressing concern about their information.