Why has healthcare become such a target for cyber-attackers?

By Myrsini Athinaiou

Published 20 July 2017


More than 16m patient records were stolen from healthcare organizations in the United States and related parties in 2016. That year, healthcare was the fifth most targeted industry when it came to cyber-attacks. And earlier this year, Britain’s National Health Service was crippled by a ransomware attack that locked up the computers holding many of its records and booking systems.

But it’s not just health data and services that are at risk from cyber-attacks – it’s also human lives. In 2007, the then US vice-president, Dick Cheney, had his implanted heart defibrillator modified in order to avoid “death by hacking”, a technology weakness that US officials warned of again just recently. Any medical device connected to a network is potentially at risk of being taken over and exploited by hackers, from MRI machines to electric wheelchairs.

As connected technology becomes even more embedded in healthcare, this cyber-threat is only likely to grow. But if we want to protect our health from cyber-attacks, we shouldn’t fear technology. Instead, we need to understand it better and realize that the threat becomes much worse when people make simple mistakes.

What is the risk to healthcare?

The most common cyber-threats to healthcare are data theft attacks. They typically start from something like a phishing attack. For example, if you are a doctor with access to patients’ records, an attacker may send you an e-mail and convince you to click a link or attachment that downloads a piece of software known as malware to your computer.

The attacker can then use this software to gain access to the organization’s financial, administrative and clinical information systems. In the case of the recent “WannaCry” attack that affected the NHS, the malware (in this instance “ransomware”) locked users out of their computers and demanded money to release them.

These attacks can also develop into “advanced persistent threats” against healthcare networks. These occur when malware enters a health network and remains there unnoticed while keeping in contact with the attacker. From there it can spread throughout the network, even if the original download is detected and removed. Then it can steal data and direct network traffic to the attacker so they can see exactly what is happening in the system in real time.