Today's Practice: Changing the Business of Medicine TP2018Q2DigitalEditionWeb | Page 104
T E CHNOL OGY
Healthcare Cyber Security
Hackers Love the
Healthcare Industry
Healthcare suffers the greatest amount of cyber-attacks
over other industries, twice the number of incidents
over second place industry (education). In fact, health-
care has been at the top of the most hacked industries
since 2015. Healthcare accounted for more than 23% of
total data breaches in 2017 with more than 5 million
patient records compromised.
Hackers have realized the reliance on and value of
computer systems for the modern medical practice.
High profile payments such as the $17,000 paid by
Hollywood Presbyterian Hospital or more recently the
$55,000 payment by Hancock Hospitals only reinforces
the message to hackers that if they hit the right health-
care facility and cause enough disruption, they are likely
to be rewarded with a payout for their nefarious activi-
ties.
The propensity for healthcare organizations to fall
behind in patching and use older hardware or systems
has resulted in 71% of hacks to occur through vulnera-
bilities that were present for at least three months or
more. Additionally, many practices continue using
default usernames & passwords or shared computer
accounts which make the industry attractive to attackers
looking for easy wins.
Lethal Effect of Bad
Cybersecurity
Dr. Sung Choi, a researcher at Vanderbilt University’s
Owen Graduate School of Management, has found that
2,100 deaths can be linked to hospital data breaches and
lack of cybersecurity protections. The reason is that
breaches “trigger remediation activities, regulatory
inquires and litigation in the years following a
breach…” and these activities affect the performance of
the facility, leading to quality issues.
Thinking to the large-scale ransomware attack on Holly-
103
Troy Wilkinson
%
60%
38%
30%
Quick Data
of healthcare breaches
occurred due to employee
negligence 1
of healthcare employees are
aware of their organization’s
cybersecurity policies 1
of employees report having
received any cybersecurity
awareness training 1
wood Presbyterian Medical Center in Los Angeles in
February 2016 that brought their computer systems
down for weeks, when the attack was at its worst, the
hospital had to divert ambulances and even transfer
patients to nearby medical facilities for treatment.
When WannaCry ransomware hit 16 hospitals in May
2017, at least one facility had to cancel 10 scheduled
operations due to computer system outages.
Add to this, the risks of hacked medical internet of
things (IoT) devices delivering incorrect dosages of
drugs in automated pumps or causing irregular heart-
beats for pacemaker patients seems like the plot of a
new Hollywood thriller movie but are unfortunate
realities in today’s connected world.
TODAY ’ S P R A C T I C E: C H A N G I N G T H E BUS I NES S OF M EDI C I NE