The last few months have witnessed a rise in attacks on hospital IT systems with a view to stealing sensitive data. So far in 2014 there has been a 600% increase in such crimes.
Despite the benefits for hospitals of sharing patient data, this trend is posing a serious security problem for the healthcare industry. The reason is simple, medical information can be highly valuable.
To give you some idea, while credit card details could be worth a few euros on the black market, someone’s medical records could fetch as much as 80 euros. That’s a big difference. The reason is that this information includes not just medical details but also detailed personal information (social security numbers, addresses, bank account details, etc.) that can be used for identity theft.
It’s also important to bear in mind that in the USA (where the problem is greatest) healthcare is expensive and is mostly run by publicly-traded firms. That’s why they have a general interest in suppressing concerns about this issue (albeit a difficult task).
This August saw one of the largest thefts of medical data so far recorded, though it certainly wasn’t the first, or probably not the last. The personal details of over four million patients from the Community Health Systems organization were compromised.
Now no hospitals or health centers or health departments or healthcare companies are safe. Anyone who had received treatment in any center related to this healthcare group could be affected.
For this reason the FBI has said that it would be “committing significant resources and efforts to target, disrupt, dismantle and arrest the perpetrators“. It has launched an investigation to determine where were the attacks originated: the cyber-criminals were apparently working from China and used sophisticated malware. They are experienced in spying on the healthcare industry, stealing formulas for medications and drugs, and have been active for over than four years, although their impact is now greater thanks to the technological modernization of the sector.
The FBI also warned healthcare companies of the need to take all possible security measures. The agency has recently been releasing alerts to provide businesses with technical information they can use to either prevent or identify cyber-attacks.
What’s more, hospitals are rarely prepared for this kind of attack, much less when many of the devices they use every day are connected to the Internet. However, with the emergence of the ‘Internet of Things’, it is essential that they adapt to the new environment. According to Kristopher Kusche, an expert in medical IT services, there are currently about 20,000 healthcare devices in the country connected to the Web.
For this reason he believes it is essential for organizations to carry out risk assessment audits for their facilities with Internet access. Nevertheless, the most difficult thing is to quickly train people in prevention to deal with the attacks that are already happening. One of the easiest ways to start however, is to install programs that can detect malware, which could in the short term help protect devices against infection.
In addition, these attacks are creating a great deal of insecurity in the medical environment, which goes beyond just data theft, as many of these devices are routinely used to care for patients. Doctors are concerned whether someone could hack devices in order to affect people’s health. It wouldn’t be the first time that someone managed to tamper with a pacemaker…
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
