Big Med has been hit hard this past year by cyber criminals intent on disrupting and disabling the industry. The vulnerabilities exposed by these attacks point to the need for more robust security measures in 2017. At issue is not only invasion of privacy when personal medical records are hacked, but also rising costs to the healthcare industry, which as always, is passed on to the consumer. And losing access to computer systems via ransomware could cripple a healthcare business, endangering patient safety. (RELATED: Read more cyber security news at Cyberwar.news)
Health Care IT News spoke with four experts regarding recent security breaches. Pam Hepp of Buchanan, Ingersoll & Rooney, Cynergis CEO and co-founder Mac McMillan, ESET Security Researcher Lysa Myers, and ICIT Senior Fellow James Scott offered their take on the most significant weaknesses, dangers, and insights gathered from the events of 2016:
1. Human error allows hackers an entrance of attack. Unconcerned and unaware persons are targeted as a prime defect in the system.
2. The Internet of Things and obsolete technology create a shortcoming. A connected device such as a digital camera can be exploited if the item is not sufficiently updated. This can become a big problem when an unprotected piece of equipment is not taken into account, because with automated tools in the hands of criminals, a single vulnerability can be uncovered.
3. Vendors and associates can be the point of entry for a breach. A thorough vetting of third parties is essential to assure security, along with having a good understanding between all parties.
4. Ransomware is malicious computer code that when surreptitiously installed can render a system unusable until the entity pays a sum of money to the cyber pirates. Once successful, it’s a way introduce further attacks.
5. Cyber breaches are increasing in frequency. Medical data is a valuable for an organization to operate, as well as for a hacker to exploit.
6. Backups are key to providing continuity not only for hardware or software glitches, but also to elude the grip of a ransomer.
7. Impeccable cyber-hygiene, including improvements in infrastructure, networks, and software; and pertinent hands-on training, can eliminate nearly all pitfalls.
8. Cybercrime is big business, and the lucrative healthcare industry is a prime target.
9. Contingency planning and risk management are vitally important, to mitigate and recover from a worst case scenario.
10. Partnerships are essential as a strategy for success, for the ability to share expertise and resources.
We are all patients
One egregious shortcoming of Obamacare is the laying bare of patients’ private, personal and intimate information; things most people are reluctant to share with anyone besides their physician, if that. The ramifications go beyond possible public humiliation; the leaking of personal medical records could conceivably be a strategic threat to one’s career or personal relationships. Natural Society notes the idiocracy that reigns in Washington that has manifested as a sizable cybersecurity liability.
The Health Information Technology for Economic and Clinical Health (HITECH) Act provided $30 billion for the medical industry to digitize patient records. At first glance, this would seem to be a good idea; the quick, accurate, and efficient storage, retrieval and portability of patient histories would save lives, one would hope. But studies suggest a cost of up to $100 billion to implement, and the undertaking does nothing to save money, nor improve patient health. The glaring problem is that the software designed by Epic Systems, the firm that stores the largest number of patient records, does not allow hospitals to share them. So the obvious question becomes, why bother? This boondoggle is not only useless, it opens up patients to the theft of their medical records…all of the risk with none of the benefit. This is not a theoretical problem; it is already happening. You can thank the inept and unresponsive federal bureaucracy for this one. And so much for the Obama ‘legacy.’ (Read more news about technology glitches and failures at Glitch.news)