We’re fortunate to live in an age when medical technology is hyper-advanced and continuing to innovate rapidly. Today, depending on where you live, you may expect to live to be up to 80 years or older; but just a hundred years ago, most people didn’t make it beyond the age of 50.
Obviously researchers, medical professionals, and most citizens in the developed world expect better and more sophisticated medical tools and practices. New technologies empower us to diagnose diseases more swiftly and accurately, prescribe medications and treatments with greater effectiveness, and perform surgery and other procedures with greater precision.
But one looming question about such technologies hasn’t been fully answered: How secure are they?
Targeting the medical industry
You might not picture the medical industry as a focus of cybercriminals, but it’s actually one of their biggest targets. In fact, more than 100 million medical records were compromised in 2015.
Just a year previous, in 2014, health care was barely on the radar among hackers. Now it has displaced other powerful industries, including manufacturing, financial services, government, and transportation.
Here are the most important reasons why:
· System importance. If your personal computer is seized by ransomware, how vital is it for you to restore its functionality right away? You might miss your evening ritual or a few hours of work, but ultimately, you can survive a day or two if necessary to restore your computer to working order. Systems in hospitals can’t afford that luxury: Patients depend on medical systems to remain fully operational, and without interruption. When attacked by ransomware, hospitals have to restore their systems to full operating capacity as quickly as possible, which might require the payment of tens to hundreds of thousands.
· Sheer number of systems. Employees in the medical industry end up logging into roughly twice as many systems as workers in other fields. This is partly due to the sheer number of apps available to medical professionals. That alone wouldn’t be a problem, but more logins and more systems mean more potential points of vulnerability to exploit.
· Outdated systems. Hospitals also aren’t the best at keeping their systems upgraded. Many use older technology, which means they’re easier to exploit.
· Data value. You might think the financial industry has the most lucrative data for cybercriminals; one successful hack could turn up many clients’ bank accounts and investment information. But hospitals collect and store a great deal of personal and private data that most other industries don’t. They’ll have your name, address, Social Security number, insurance provider, and any medications you’re taking.
· Minimal protection. Despite being one of the biggest potential targets, the health-care industry has some of the worst security measures of any industry. When surveyed, only 31 per cent of health-care professionals said they “extensively” use encryption to secure data, while 5 per cent used no encryption and had no plans to adopt any standards. Compare that to the financial services market, where 58 per cent of professionals use encryption extensively to secure data.
The rise of technology
The introduction of more sophisticated technology has deepened this crisis in certain ways, almost all of which entail even more points of vulnerability:
· Hospitals are using more apps and more devices, which creates more entry points that cybercriminals could use to gain control.
· Hospitals are collecting more patient data than ever before, in the effort to arrive at more accurate diagnoses and project long-term health trends more effectively.
· Brand-new technology may not be thoroughly tested, which gives hackers an easy in whenever new systems are adopted.
The health-care industry is already a major target, and the introduction of more sophisticated technology could be making it even more tempting as well as vulnerable.
Is it worth it?
You might wonder whether it’s worth adopting new technologies if that means the possibility of increased exposure. The correct answer is yes, however: These new technological advances are always worth taking.
They’re designed to save lives, remember, so the risk of cyber vulnerability isn’t worth forgoing the option. Rather than limit the use and development of new technologies, the health-care industry needs to increase its protection measure, in the following areas, at least:
• Further upgraded systems. The first answer can be an admittedly expensive one for the average hospital to implement. Upgrading all of the facility’s devices can be both time consuming and cost intensive, but it’s worthwhile to get all devices equipped with the latest security measures. When you consider that data breaches have cost the industry more than $6.2 billion, the cost of upgrading devices begins to look relatively low.
• Streamlined processes. Hospitals also need to streamline the systems they access and how they get into them. The “multiple logins to multiple systems” approach isn’t just confusing and time-consuming for nurses and doctors; it also means there are more opportunities for cybercriminals.
• Better educated employees. The vast majority of cyber attacks occur as a result of human error. Employees fall for phishing schemes, choose weak passwords, fail to update their passwords, or leak information in other ways that opportunistic hackers can use to seize control of the situation. Investing in employee education, which can equip staff against this kind of threat, should be a first line of defence for medical centres and clinics. Monthly seminars can keep employees updated on best practices into the future.
• More secure patient data. Finally, hospitals should invest in higher encryption standards and better protection for patient data. They carry incredibly valuable data on their patients, so hospitals need to do whatever they can to protect that information from brute-force attacks.
Safekeeping patient data must be a health-care facility’s top priority, whether it’s a small private clinic or a hospital with hundreds of employees. Health professionals should also assist in the implementation of security measures within the facility.
If the health-care industry did more to protect its systems and storehouses of patient data, cybercriminals wouldn’t have nearly as easy a time attacking them. We’ll all be safer, and more secure… and we’ll live longer lives as a result.
Larry Alton, independent business consultant
Image source: Shutterstock/Wichy