“I was quite shocked. I felt like the carpet was pulled out from under me, and I was left without the tools necessary to move forward.”
Nancy Boniel is one of a group of radiologists who misdiagnosed lung cancer after a CT scan was altered by malware last year.
The malicious code was designed and tested in an experiment by Israeli university researchers meant to highlight the vulnerabilities in critical medical imaging equipment and the networks that transmit those images to other devices.
The problem is not just that the data was manipulated but that it also distorted the radiologists’ perception even after the compromise was revealed:
“Even after the radiologists were told that the scans had been altered by malware and were given a second set of 20 scans, half of which were modified, they still were tricked into believing the scans with fake nodules were real 60 percent of the time, leading them to misdiagnoses involving those patients.”
In today’s threat landscape, a malware attack could cause a misdiagnosis with life-threatening consequences. This is just one of the scenarios where cybersecurity plays a vital role, and the list keeps growing.
especially when there’s so much to fix in healthcare cybersecurity today. But firefighting is not enough to address current threats.
Motivated attackers put extra effort into finding surprising ways to infiltrate healthcare organizations, and they won’t miss a window of opportunity. They will step up attacks before the healthcare industry increases security standards and makes the attackers' lives more difficult.
Time is ticking, just as it does for the most vulnerable patients who rely on technology to stay alive.
Maintaining a healthy system - both in medicine and in IT - is a complex challenge with many moving parts.
While they use different methods, healthcare and information security share a common goal: to keep people safe and thriving.
From this common concern, the best solutions emerge.
To support medical specialists, business leaders, and IT experts in making their best decisions, we provide a rich overview of how the entire healthcare ecosystem is coping with cybercrime and practical ways to improve security.
Security specialists had been talking about the industry’s shortcomings for years before WannaCry hit in 2017, making their real-world impact blatantly obvious.
WannaCry exposed healthcare’s security weaknesses, attracting more interest from attackers. A new gold rush for medical data began.
27% of data breaches occur in healthcare
750 data breaches reported in 2018, more than any other industry
Source: 2019 BakerHostetler Data Security Incident Response Report
While it may not be as obvious to industry outsiders, IT leaders in healthcare know the clinical workflow is deeply reliant on cybersecurity.
For example, research by Sung J. Choi and M. Eric Johnson shows how data breaches interfere with patient care, increasing the risk of mortality:
“Hospital data breaches significantly increased the 30-day mortality rate for AMI [acute myocardial infarction].
Data breaches may disrupt the processes of care that rely on health information technology. Financial costs to repair a breach may also divert resources away from patient care.
Thus breached hospitals should carefully focus investments in security procedures, processes, and health information technology that jointly lead to better data security and improved patient outcomes.”
1. Social security number (37%)
2. Health information (33%)
3. Financial (19%)
55% of all cybersecurity incidents involved insider error or activity
37% of data breaches caused by phishing attacks - the leading cause across industries
30% of data breaches caused by network intrusions across industries
Source: 2019 BakerHostetler Data Security Incident Response Report
Attackers unscrupulously exploit the urgency inherent to many medical procedures to extort organizations. Because lives depend on it, victims sometimes succumb to the pressure and pay the ransom.
Record ransom payments grow each year, from $250,000 in 2018 to over $1 million in 2019.
1 in 10 ransomware victims who paid the ransom received the decryption key
$28,920: average ransom paid in 2018 by victim organizations
$1 million+: the biggest ransom paid to date (that’s been publicly communicated)
Source: 2019 BakerHostetler Data Security Incident Response Report
The financial impact of cyberattacks on the healthcare industry isn’t limited to ransoms and business consequences. The number and value of fines have increased too.
2018 saw a new record for HIPAA penalties. Throughout 2018, the Office for Civil Rights issued a total of $28,683,400 in fines. That’s a 22% increase from the previous record, set in 2016.
In this context, IT and security specialists in healthcare companies can leverage the increasing volume of data about the industry to build business cases for increased security spending. This is especially important when advocating in front of C-level executives, whose priority is business impact.
Security influences the entire organization, from core processes to relationships with service providers and regulatory bodies.
That’s why a robust cybersecurity program can lead to increased business performance as well as a better security posture.
This domino effect is especially visible in increased patient safety, where technical tools, processes, and cybersecurity education come together.
One way to reconcile medical workflow priorities with security must-haves is to build a framework around the 4 Ps of medicine:
1. Predictive
2. Preventive
3. Personalized
4. Participatory
After all, both medical professionals and IT security specialists share a common perspective on what makes and breaks a healthy system. What’s more, finding common ground can be a lot easier with a shared vocabulary.
In the next installment of this healthcare security series, we’ll explore the key threats to organizations in this sector - both external and internal, and explain the domino effect of attacks in the ecosystem.
Bitdefender is a cybersecurity leader delivering best-in-class threat prevention, detection, and response solutions worldwide. Guardian over millions of consumer, enterprise, and government environments, Bitdefender is one of the industry’s most trusted experts for eliminating threats, protecting privacy, digital identity and data, and enabling cyber resilience. With deep investments in research and development, Bitdefender Labs discovers hundreds of new threats each minute and validates billions of threat queries daily. The company has pioneered breakthrough innovations in antimalware, IoT security, behavioral analytics, and artificial intelligence and its technology is licensed by more than 180 of the world’s most recognized technology brands. Founded in 2001, Bitdefender has customers in 170+ countries with offices around the world.