Today's Practice: Changing the Business of Medicine TP2018Q2DigitalEditionWeb

T E CHNOL OGY Healthcare Cyber Security Hackers Love the Healthcare Industry Healthcare suffers the greatest amount of cyber-attacks over other industries, twice the number of incidents over second place industry (education). In fact, health- care has been at the top of the most hacked industries since 2015. Healthcare accounted for more than 23% of total data breaches in 2017 with more than 5 million patient records compromised. Hackers have realized the reliance on and value of computer systems for the modern medical practice. High profile payments such as the $17,000 paid by Hollywood Presbyterian Hospital or more recently the $55,000 payment by Hancock Hospitals only reinforces the message to hackers that if they hit the right health- care facility and cause enough disruption, they are likely to be rewarded with a payout for their nefarious activi- ties. The propensity for healthcare organizations to fall behind in patching and use older hardware or systems has resulted in 71% of hacks to occur through vulnera- bilities that were present for at least three months or more. Additionally, many practices continue using default usernames & passwords or shared computer accounts which make the industry attractive to attackers looking for easy wins. Lethal Effect of Bad Cybersecurity Dr. Sung Choi, a researcher at Vanderbilt University’s Owen Graduate School of Management, has found that 2,100 deaths can be linked to hospital data breaches and lack of cybersecurity protections. The reason is that breaches “trigger remediation activities, regulatory inquires and litigation in the years following a breach…” and these activities affect the performance of the facility, leading to quality issues. Thinking to the large-scale ransomware attack on Holly- 103 Troy Wilkinson % 60% 38% 30% Quick Data of healthcare breaches occurred due to employee negligence 1 of healthcare employees are aware of their organization’s cybersecurity policies 1 of employees report having received any cybersecurity awareness training 1 wood Presbyterian Medical Center in Los Angeles in February 2016 that brought their computer systems down for weeks, when the attack was at its worst, the hospital had to divert ambulances and even transfer patients to nearby medical facilities for treatment. When WannaCry ransomware hit 16 hospitals in May 2017, at least one facility had to cancel 10 scheduled operations due to computer system outages. Add to this, the risks of hacked medical internet of things (IoT) devices delivering incorrect dosages of drugs in automated pumps or causing irregular heart- beats for pacemaker patients seems like the plot of a new Hollywood thriller movie but are unfortunate realities in today’s connected world. TODAY ’ S P R A C T I C E: C H A N G I N G T H E BUS I NES S OF M EDI C I NE

Today's Practice: Changing the Business of Medicine TP2018Q2DigitalEditionWeb | Page 104