Much of the focus in cyber security has been on individuals’ data accessed through retailers or government databases, but the healthcare sector is facing more pressing security needs than ever before for healthcare cyber security.
Understanding the Need for Healthcare Cyber Security
As more hospitals, medical centers and other health facilities digitize their new and archived records, a treasure trove of information is now being held online. To cybercriminals, this information could be used to alter patient records, redistribute or falsify prescriptions or do malicious harm by hacking treatment plans.
A 2016 report analyzed 12 healthcare facilities, two healthcare data facilities, two medical devices and two web applications over two years using a patient health-focused attack model. The report states that hackers “can easily deploy attacks that target and compromise patient health… the industry focuses almost exclusively on the protection of patient health records, and rarely addresses threats to or the protection of patient health from a cyber threat perspective.”
Healthcare Cyber Security Data Breaches
This may be due to the huge number of patient health record breaches in recent years, which impacted millions of Americans. Community Health Systems— which owns and operates more than 200 hospitals — suffered a breach in 2014, resulting in the theft of 4.5 million patient records.
The hackers bypassed the hospital operator’s security systems and stole personal data, including names, Social Security numbers, addresses, birth dates and telephone numbers. After the attack, Community Health Systems removed the attackers’ malware from its systems and increased its computer defenses to prevent future attacks. It also provided identity theft protection to affected patients and carried cyber insurance to mitigate some of its losses.
The need for Healthcare Cyber Security is at an all time high.
In 2015, insurance group Anthem also suffered a major breach of more than 37 million patient records. According to a New York Times article, as many as 80 million records were taken.
It was believed to be the largest breach of a healthcare company to date, with hackers stealing names, Social Security numbers, birthdays, addresses, email and employment information and income data. The company worked with the Federal Bureau of Investigation and a cyber security contractor to look into the attack and identify vulnerabilities in their systems.
The Ponemon Institute says criminal attacks on health data stores are rising. It’s clear that this issue is only becoming more important.
The Lack of Information Security in Healthcare
Although businesses across all industries are suffering security breaches, the reasons behind medical breaches may differ from others.
Firstly, medical data is very valuable on the black market. Electronic health records can sell for up to $500 per patient.
Additionally, medical records lack safeguards found in credit cards or other banking products, because they can’t be canceled.
Also, many medical administrations are dealing with legacy systems that were never designed to be digitized and put online. As a result, they lack safeguards needed in the modern digital environment.
Information Week reported that the Community Health Systems breach occurred due to a test server being connected to the internet though it lacked the proper security protocols a production server would commonly have built in.
Another issue may be industry priorities. The 2016 HIMSS Analytics Healthcare IT Security and Risk Management Study found several challenges the healthcare sector is facing when it comes to fully implementing cyber security. Half of respondents said they are spending 0 to 3 percent of their IT budgets on cyber security. Only 23 percent said they have an ongoing, consistent risk-management program.
More Must Be Done for Healthcare Cyber security
It’s clear there isn’t enough being done with healthcare information security. Legacy systems are not only holding back modernization of the sector, but also putting millions of patient records at risk.
Dr. Deborah Peel, founder of Patient Privacy Rights, agrees: “These breaches will keep happening because the healthcare industry has built so many systems with thousands of weak links.”
As attention on these issues increases, there is sure to be growing interest in cybersecurity jobs in this sphere. For information security professionals, the challenge will be ensuring that the health industry moves into the 21st century while still protecting patients and their data.
To meet this need and help healthcare organizations better address these cyber threats, review your roadmap to a career in cybersecurity.