Increasing Vulnerability of Health-Care Industry to Cybersecurity Breaches
The health-care industry with its reliance on technology and a wealth of data is increasingly a target of cybercrimes. More than a million patient records have been compromised by cybersecurity breaches of health-care organizations since year 2014 according Steve Curren, director of the Division of Resilience in the Office of Emergency Management (USA). The increasing connectivity among diverse health-care organizations and the industry’s open-culture inviting all those in need of medical help is also inviting risks to security and privacy which makes this industry more vulnerable to cyber security breaches compared to other industries.
Ransomware attacks may render all electronic medical records unavailable till the demanded ransom is paid, hacking may cause delivery of incorrect doses of medication or inoperability of machinery such as X-Ray machines, and the personal (family, medical and financial) information of patients may be misused, also causing the medical care unit sinking into disrepute.
Cybersecurity is still a nascent discipline with manufacturers and operators still learning what the best practices are and how to manage them, according to Monzy Merza, head of security research for Splunk, an enterprise software company. The “resource-rich environment” of the health sector attracts hackers who wish to steal intellectual property or personal information for financial gain, deliberate destruction of infrastructure, or simply to have fun. Health-care organizations’ information can also be used to commit health insurance fraud, Medicare fraud or identity theft.
With cybersecurity breaches having the potential to prove harmful as well as fatal for patients and cause bad publicity for health-care organizations in the competitive health-care market, experts in the field recommend preventive cybersecurity measures such as continuous education and awareness about cybersecurity, backup systems for ease of data recovery, emergency planning to deal with cyberincidents, constant vigilance and constant evaluation of bugs and vulnerabilities, realistic regulations, healthy attitude toward risk, and cooperation. All the players in the interconnected health-care system, the hospitals, pharmacies, insurance companies have to be committed to sharing information with one another in order to notify each other of attempted attacks so other players can prevent them, while manufacturers work on developing cybersecurity measures that are more difficult to crack.