Recent attacks have healthcare executives and elected officials scrambling for answers
In recent posts on Access Granted, we’ve looked at the healthcare industry and the reasons why it’s so frequently targeted for cyberattack. Ultimately, healthcare and patient data is of very high value to hackers, who can use the information within for multiple, nefarious purposes – including the blackmail or exploitation of individuals with embarrassing or sensitive healthcare conditions and histories.
And, coupled with the incredible value of healthcare data and patient information is a handful of cybersecurity challenges that healthcare companies and providers face. They’re stuck in a tough spot between wanting to lock down data and needing to make information shareable and accessible. They’re embracing new technologies at a rapid pace due to the Affordable Care Act and an ongoing modernization of the industry. They’re also oftentimes more focused on providing patient care than on cybersecurity – and you can’t blame them for that.
Unfortunately, all of these issues have created a cybersecurity perfect storm in the healthcare community, and everyone from cybersecurity experts, healthcare pundits and elected officials are getting concerned about the problem. And while everyone scrambles for solutions, attacks are continuing to be perpetuated.
Here are some of the most recent articles about cybersecurity breaches, concerns and trends in the healthcare industry that we were following this week, including a ransomware situation at a Washington, D.C. area health organization, discussion about the vulnerability of healthcare companies and elected officials calling for healthcare cybersecurity laws:
Has health care hacking become an epidemic? (PBS News Hour)
Health care occupies a vulnerable cybersecurity space. With the rise of health frackers, self-care and personalized medicine, people, doctors and regulators want easier modes of access to patient data. The dangers come from opening huge highways for sharing and storing data without the proper digital protections…As an experiment designed to identify vulnerabilities, Independent Security Evaluators spent the last two years trying to penetrate the cybersecurity of 12 health care facilities and two health care data centers in the United States. Read more HERE.
Why hackers are going after healthcare providers (Washington Post)
The health-care sector has a lot of information that could be valuable to criminals and that makes them a juicy target. First, they often have a bunch of personal information that could be use for traditional financial fraud — things like your name, social security number, and payment information. But they also have health insurance information, which can be sold for even more on online black markets because it can be used to commit medical fraud — things like obtaining free medical care or purchasing expensive medical equipment — that often isn’t caught quite as quickly as credit card or bank account fraud. Read more HERE.
FBI investigating cyberattack at MedStar Health (Baltimore Sun)
Hackers attacked the computer system at MedStar Health on Monday, forcing thousands of employees in the state’s second-largest health care provider to resort to paper medical records and transactions. The nonprofit, which operates 10 regional hospitals, quickly shut down all computer system interfaces to prevent a computer virus from spreading, officials said in a statement. No patient medical records or other information was compromised, they said. Read more HERE.
Senator Urges HHS to Create Healthcare Cybersecurity Law (Health IT Security)
Senate health committee chairman and Tennessee Senator Lamar Alexander recently called upon the Department of Health and Human Services (HHS) to create a healthcare cybersecurity law after the recent cyber attack on MedStar Health. Legislation is necessary because healthcare cyberattacks “can be catastrophic for America’s patients,” Alexander said in a statement. These types of attacks can also leave doctors locked out of patient records, which could potentially delay necessary care. Read more HERE.