In the Coming Healthcare Cybersecurity Storm, Don't Feed The Hackers

Crime has never been more egalitarian. It used to be centered around armed men and stickup artists in alleys heisting banks. Overall, there was the perception that poor people in rough neighborhoods were far more likely to become a victim. The rise of the digital age came along and the situation started changing.

We began to hear news reports about the black hat hackers who stole massive amounts of money from financial institutions. They took the identities of millions of people in a matter of seconds from the convenience of their living rooms.

Welcome to the Digital Future

The Internet has leveled the playing field. Whether you live in a fancy mansion in Los Angeles or in a working-class neighborhood in Detroit, your digital information is in danger. Invisible criminals hiding behind their computers across the globe can steal your information online.

They don’t have to visit your bank or your home in order to do so. Unlike the more old-fashioned forms of crime, you can’t move to a better neighborhood to avoid being a victim. 

The risk to your bank account is scary enough, but it doesn’t end there. Cyber crime has a new and fast-growing trend that actually places your health and even your life in jeopardy.

Today, we live in a world of data generated by laptops, mobile and wearable devices. Like all of us, health care professionals increasingly rely on the power of internet-connected devices in their daily routine. While digital information helps them to be more efficient, it also creates new opportunities for cyber criminals and raises our vulnerability to a new level.

Think about hackers controlling your smart home devices and your car. Now, imagine if they could manipulate your health data or even your parent’s pacemaker. A person located in another country and “armed” with an ordinary computer can kill a patient remotely.

2016 is the year these threats became a reality.

New Cyber Target: Health Care

Financial institutions and global corporations employ huge resources to prevent cyber-attacks and keep their software up to date.  Unfortunately, that is not the case with the vast majority of hospitals and doctors’ offices. They still use outdated computer programs and don’t educate their staff and patients about cyber security.

Digital criminals have found the healthcare industry to be a much easier target than large corporations and financial institutions. This is particularly true because medical professionals are pressed to make decisions fast in order to protect their patients’ lives.

They also need to protect themselves from potential malpractice suits. Hackers use encryption to lock medical staff out of their computers, preventing them from accessing any patient data. Then, they demand ransom to be paid in bitcoins over a secure web browser.

From February to April of 2016, dozens of hospitals became victims of ransomware. For example, the Hollywood Presbyterian Hospital in Los Angeles was paralyzed for 10 days because of the Locky virus. This virus took all the computers in the hospital hostage and prevented specialists from accessing patients’ data until the hospital paid the ransom.

This scenario was repeated just a few weeks later at the Methodist Hospital, a 217-bed critical care facility in Kentucky. At the end of March, a virus crippled the information systems of ten hospitals at the Washington, D.C.-based chain MedStar Health Inc. The hospitals’ employees were unable to log into their computers for several days.

According to the Sixth Annual Benchmark Study (Ponemon Institute), nearly 90% of healthcare organizations involved in the study had been the victims of a data breach in the past two years. Nearly half of them (45%) had more than five data breaches during the same time period. Researchers estimate that these data breaches could be costing the health care industry a whopping $6.2 billion annually. 

Independent Security Evaluations discovered that every single health-care facility that volunteered to participate in the experiment had critical security vulnerabilities which, if exploited, could result in patient harm or even death. The hackers hired as part of the study were able to trigger false alarms that could prompt doctors to administer unnecessary and adverse treatments.

It’s Time for Doctors to Become Cyber Intelligent

In recent attacks, the hackers have been utilizing a new method of distributing the malware. Instead of requiring an individual to click on a link in an email or on a web page, the virus infected hospitals’ systems via an unpatched server vulnerability. That means the employees did not have to do anything for the malware to be introduced into the system. The hospitals have been targeted simply because their servers have not been kept up-to-date. 

Currently, ransomware is the most common type of malware targeting the healthcare industry. With the adoption of telemedicine, cloud computing, and patient e-record keeping, new dangers will arise. Robotics, AI, virtual and augmented reality, smartphone apps, and smartwatches have all begun to come into use in health care. They represent unique opportunities for patients and healthcare professionals. But they also open the floodgates for cybercriminals who will be happy to exploit them.

Medical records, insurance documents, and prescription forms are now stored electronically. These massive amounts of data transmission and storage require a new level of maintenance and protection.

In February of 2016, medical equipment crashed during a heart catheterization. It didn’t happen because of a hacker attack. The computer froze access to crucial data because of the automatic antivirus scan. Fortunately, the doctors were able to finish the procedure, but this case illustrates the necessity for the healthcare and IT industries to work together and meet the challenges of the connected world.

This new digital environment requires updated tools beyond the usual medical instruments. IT competency should become a crucial component in the education of doctors, nurses, and other health care professionals. Educating staff and patients about data security should be a priority for every medical facility administration. Doctors must also be accountable for keeping their patients’ data protected.

Don’t Feed the Monster

One of the most interesting wrinkles in digital cybersecurity involves millennials. They live their lives in the digital world and tend to overshare sensitive information. That makes them easy targets for hackers. On the other hand, many older adults are traditionally worried about their paper documents and bank cards, not realizing the importance of protecting their digital information.

As patients, we must take responsibility for the security of our personal data. We must be aware of the data we put on our devices and social networks in order to battle cyber criminals. We must update our software, avoid opening private files while connected to public networks, and stay informed about the latest threats.

Taking those steps is critical in order to be safe and protect everyone. Only together can we make technological innovations work for the people instead of feeding the criminals.