Med One to One Fall/Winter TWENTY NINETEEN ISSUE 61

Cybersecurity Threats to Providers and Patients

Written By: Madeline Cheney

Cybersecurity Threats to Providers and Patients

Cybersecurity is a growing concern in an ever-advancing technological world. Many people are aware of some cybersecurity basics, such as being cautious about sharing personal information online and making sure to use strong passwords to protect their various internet accounts. However, they don't realize how much of their personal information is actually at risk – including at the hospital.

It is easy to see why financial institutions like banks have such high levels of security – we are trusting them to protect our hard-earned money. People won't bank with an institution they feel is untrustworthy. Knowing this, financial institutions take great effort to always utilize the most advanced security available. In order to maintain a positive reputation and keep their customers, banks want to make sure that customers can feel confident in their financial investment.

It might seem less important for healthcare providers to maintain high levels of cybersecurity than for a financial institution, but security in medical institutions is just as vital. Your medical records contain a wealth of sensitive information, including your social security number and previous medical diagnoses. If your medical records are compromised, this information could be sold by criminals on the black market; this can result in identity theft and abuse of the healthcare system due to fraudulent individuals receiving medical procedures and medications under your name. Medical records sold on the dark web are more valuable than you might think; medical records can sell for $50 dollars, whereas a social security or credit card number can sell for only $1 dollar. Criminals may also attack healthcare institutions more actively. They could remotely shut down a hospital until a ransom is paid or infect devices on the hospital network with malware.

The more easily accessible patient information is, the more vulnerable hospitals and, ultimately, patients are to cyber-attacks.

There are an incredible number of devices linked to the hospital network, including patient health monitors, desktop computers, tablets, and mobile phones. Because hospitals have such a vast network, it is difficult to protect all linked devices from an attack as well as preventing a tampered-with hospital device from damaging the network. Cyber-attacks in hospitals are often left unnoticed for months if caught at all; however, hacking is the leading cause of healthcare data breaches. Limited hospital budgets and a general unawareness of the wide-ranging and severe repercussions of a security breach are two key factors preventing increased cybersecurity in medical institutions. Additionally, increasing hospital cybersecurity can seem like an insignificant venture when compared to providing current patients with much-needed immediate care.

Despite the risks associated with poor cybersecurity, the use of technology in hospitals is vital. The incorporation of technology into modern medicine has dramatically increased provider productivity and accuracy of diagnosis and treatment; however, providers now need to proceed with caution in their technology usage because of the risks associated with poor cybersecurity. Many hospitals have adopted the use of tablets and other devices to log patient information, which have saved time and improved efficiency. With these advances come drawbacks in the form of cyber vulnerability. The more easily accessible patient information is, the more vulnerable hospitals and, ultimately, patients are to cyber-attacks. In the event of a cyber-attack, patient information may not only be compromised but can become unavailable to providers, resulting in a severe decline in the quality of patient care.

Healthcare providers can take steps toward being more cybersecure by advancing their networks. Rather than storing complete copies of patient information on each device in a hospital, hospitals can utilize a virtual network, which would allow providers to view patient data without needing to store it directly on the device they are using. This simple change adds a layer of security without a reduction in usability.

Hospitals and other healthcare providers need to take an active approach in updating their cybersecurity as well as consistently finding and fixing vulnerabilities in their systems. Constant maintenance of the network, as well as finding creative solutions to security weaknesses, will make a tremendous difference in the overall security of patient information. Although patient care must always come first, healthcare providers must also focus on maintaining secure networks. A robust and secure network will ensure the productivity of doctors and nurses without losing access to patient information or allowing it to be compromised. It will prevent damage to the network by the installation of malware. Overall, cybersecurity in medical institutions is necessary and beneficial to both the institution and the patient.

89%
of healthcare organizations had medical records lost or stolen in the last two years.

$1.4 MILLION
is the amount the average healthcare organization spends to recover from a cyberattack.

59%
of the population had their medical records stolen as a result of data breaches between 2009-2018.


Prev Article