Healthcare Industry and Cyber Criminals

It is well known that a few industries, such as healthcare, education and food, will never die. They also have to digitize to survive in a fiercely competitive market. At a time when mobile applications like Practo and Portea are solving healthcare problems in real time, at the click of an application, traditional healthcare practices are looking for new ways to do business. Digital is the word, and they have realised it.

Now, when a healthcare company looks at digitizing, what does it really do? It studies the market landscape and looks at approaches to, and case studies of, digital implementation in the healthcare sector. We all have to agree that knowledge of digital and cyber in India is still at a nascent stage. Look at any industry today: everyone is basing their business model on technology, and when this is the case, it widens the attack surface for a hacker who is sitting somewhere in the farthest corner of the world, waiting for you to make an error, which can be fatal while you are shifting to digital.

As more hospitals, medical centres and other health facilities digitise their new and archived records, a treasure trove of information is now being held online. Hackers are gaining patients' personal information and, moreover, access to treatment equipment such as devices which are connected to the patient. This information can be used to impersonate hacking victims to obtain medical care or to buy expensive medical equipment. Credit card data can become useless, but data collected from healthcare remains valid for a lifetime. Attackers can even gain the access needed to change patients’ diagnoses, such as ‘Non-HIV Positive’ to ‘HIV-Positive’, or ‘Allergic to Penicillin’ to ‘Not Allergic to Penicillin’, or ‘Amputate Right Arm’ to ‘Amputate Left Arm.’

As for technology in this sector, the use of wireless sensor networks (WSN) in healthcare applications is growing at a fast pace. Applications like heart rate monitors, blood pressure monitors and endoscopic capsules are already in use. To address the growing use of sensor technology in this area, a new field of research known as wireless body area networks (WBAN or BAN) has emerged. Because most of these devices and their applications are wireless in nature, security and privacy are among the major areas of concern. The direct involvement of humans further increases the sensitivity.

You might ask: when everything is moving smoothly and the industry is gaining new ground, what is the problem? In February, the Hollywood Presbyterian Medical Center in California was hit by ransomware, which forced the hospital to shut down all of its computers and move back to fax machines and paper records for a week until the situation was resolved. Rather than lose all its patient medical records, the hospital decided to bite the bullet and paid the ransomware crooks 40 bitcoins, or about $17,000, to restore the hijacked files.

In 2016, the Banner Health attack started on systems that process credit card data for food and beverages purchased at the location, and a similar attack was carried out on the Gahanna-based Central Ohio Urology Group. The attackers in both attacks then moved laterally to compromise patient healthcare records on other servers. Compromised data may have included a wide variety of patient data, including names, addresses, birthdates, appointment dates, physician information, health insurance information, and, potentially, Social Security numbers, driver’s license and state identification numbers, patient identification numbers, medical and health plan information, account information, diagnosis and treatment information, and employment-related information. Related Banner Health plan data may have also been released. Overall, approximately 3,620,000 patient records were breached in the Banner attack and those of 300,000 patients in the latter attack, making these the single largest healthcare data breaches reported in 2016.

Titus Regional Medical Center in Mount Pleasant, Texas, was hit with a ransomware attack that prevented the hospital from accessing its computer files. The ransomware virus encrypted files on several TRMC database servers, which affected employees’ ability to access the EMR and interdepartmental orders. However, there is no reason to believe any data has been breached, according to the report.

These are all alarming examples of why and how a healthcare company may be forced to shut down operations because of a data breach. The obvious question now becomes: do I shift back to my original way of doing business? Of course not. Remember, we mentioned that digital is the future.

In conclusion, we can only say that the healthcare sector is the most targeted yet underprepared sector within our Nation’s critical infrastructure. More than 101,000 potential attack vectors exist at hospitals worldwide. More than 88 percent of those vectors are linked to healthcare organizations in Canada and the United States.

What a healthcare company needs to do to ensure profitability by turning its business digital, while keeping digital secure:

Mindset Shifting: Cybersecurity is not a very familiar term for CEOs and CFOs in the health industry. But as we move to more digital connectivity in the healthcare industry, it is high time that people in higher management ensure a dedicated budget allocation for cybersecurity, to protect not only the dignity of the health service organisation but also the security of their patients' critical medical record information.

Protecting the Technology Crown Jewels: As cybercriminals have a variety of methods for breaking into healthcare organisations’ networks, health IT departments need to use a variety of methodologies to try to keep them out. These range from making a secure mobile device policy to ensuring the security of the healthcare app and website with high-end encryption, and equipping the organisation's technology stack with the latest security solutions, from antivirus to endpoint solutions, to stay safe from various attacks. Proper and timely auditing of the healthcare ecosystem is a must, to make sure you are up to date on vulnerabilities waiting to be patched in the network.

Awareness: Most companies hold cybersecurity training sessions once a year, and sometimes there is no cybersecurity awareness program at all in the healthcare industry. This increases the overall risk of a breach in the organisation because of the lack of awareness among employees. Spending a huge sum on technology does only half the job: if people in the organisation are not capable of understanding technology and cyber threats, they will become victims of a cyber attack, which leads the organisation to a breach. Hence it is time we paid equal attention to cybersecurity awareness alongside a secure technology infrastructure. This will provide