
Cybersecurity in healthcare is all about patient trust and safety concerns. But in reality, things are different. According to the other study by Ponemon Institute, 89% of the interviewed executives from the medical industry admitted that their organization had encountered at least one leak in the last two years. Almost half of the respondents (45%) said that more than five leaks had occurred in their very own institution. For instance, in 2017, 112 million medical records were put at risk in the United States alone. As the industry seeks custom HealthTech solutions , ransomware attacks have also become a serious threat.
As part of the study, three qualified radiologists analysed real photographs of the lungs which were modified by the program. In 99% of cases, when examining these images, doctors discovered malignant neoplasms. Besides, when the program removed real cancerous nodules, the same specialists said that the lungs were fine in 94% of cases.
After giving the doctors a different set of pictures, and informing them that half of them were fake, the proportion of erroneous diagnoses decreased, but not significantly. In 60% of cases, radiologists found cancer in healthy patients, and in 87% they could not identify this deadly desease in real patients.
The malware needs to be implemented in the hospital's local network, which is often isolated from the Internet but the experiment participants managed to do this without considerable effort. In the evening, one of them went to the radiology department of the hospital, and within 30 seconds he infiltrated the device with the virus: during this time, no staff member managed to detect the breach.
This way, cybercriminals can use such attacks to damage the reputation of a medical institution or actually control the fate of a particular patient — for example, to prevent a person with the disease from receiving critical care for him.
Having said that, let’s enumerate the point to consider when talking about security in healthcare:
Electronic health records and individual medical devices are all subject to attacks;
The healthcare industry is particularly vulnerable for a number of reasons: no significant investments in cybersecurity, serious vulnerabilities in existing technology and human factor aka staff behavior;
Breaches usually result in hundreds of stolen health records and may even paralyze the work of the whole structure;
So what are strategies for improving cybersecurity?
Professionals from HealthIT.gov, suggest implementing the following practices:
Start by establishing a security culture
Protected mobility
Firewall and antivirus software
Control over protected information
Backed up files
Update (and regularly change) passwords
Install software carefully
Final Thoughts
In regards to all these facts and statistics, cybersecurity has to be an integral part of the patient care pathway in any medical institution. After all, it’s all about human lives. And I don’t exaggerate: some of the attacks are deadly. The ransomware attack on MedStar Health , a large Maryland-based healthcare system, serves as a “perfect” illustration. This case made all national headlines when it has become clear that it had threatened patients’ lives. Therefore, the healthcare industry has no choice but to improve its capabilities regarding security.
+48 22 104 20 98