Ransomware is a viral threat so rampant that a simple Google or YouTube search will reveal how the effects of recent attacks against a vulnerable healthcare system parallel those of the Somali pirate takeovers in the story of Captain Phillips. The emergence of medical wearables and biometric technology severely ups the ante when it comes to protecting confidential information from these cyber-pirates.
“More digital equipment might translate into a larger attack surface.” Lee Kim, director, privacy and security at HIMSS North America
Data breach attacks are a high concern, as many believe that every piece of new technology - server, software, monitor, flash drive, tablet, mobile, wearable and biometric device - that enters a healthcare facility creates a new backdoor for cyber thieves to pull a heist on more than just hospital server data: our bodies, and the confidential data of both providers and patients.
Security experts say hackers may actually have the ability to disable these devices, creating monitor blind spots with synoptic blackouts, fatal medication dosage overrides, and mobile spyware and malware, holding patients' health at ransom.
“This vulnerability could allow an unauthorized user to control the device and change the dosage the pump delivers, which could lead to over- or under-infusion of critical patient therapies,” the Food and Drug Administration stated in this 2014 warning, as reported by Reuters.
The Food and Drug Administration (FDA) has expressed concern about hackers accessing hospital networks via medical devices - as seen in this 2014 guidance document for healthcare organizations.
“The FDA is concerned about the security of networks because vulnerable off-the-shelf (OTS) software can allow an attacker to get unauthorized access to a network or medical device and reduce the safety and effectiveness of devices that connect to those networks.” The Food and Drug Administration
In a healthcare system focused on improving outcomes, the transition to electronic records has been a bumpy road. Struggles with EHR implementation, coupled with full-blown server data breach attacks, force one to ask the question: are we going to be prepared for the future of cyber crime?
“Hospitals can implement several countermeasures and compensating controls to mitigate or eliminate cybersecurity risks,” Kim added.
Here are the top 5 questions experts say every hospital and healthcare facility should be asking themselves RIGHT NOW to beef up healthcare cyber security.
1. Are staff fully trained on email click protocols?
2. Does the digital equipment need to be Internet-connected?
3. Is there an upgrade pathway in place for security fixes and updates?
4. Are there separate Wi-Fi connections for employees and patient-visitors?
5. Is there a trained faculty/staff “shutdown plan” in place if/when under attack?