HEALTH CYBER ATTACK: HOW TO PROTECT PATIENT DATA
Serious risks associated with data theft lie in the digitalization of the healthcare sector. In the first quarter of 2019, healthcare ranked second in the world in the number of hacker attacks (10%) falling only after the public sector. The issues of what attacks the healthcare sector faces and how to close up to 80% of potential threats were discussed by the participants in the session “Access to health. Cybersecurity of medical data".
Having access to the personal data of an individual enables to offer him dietary supplements, expensive drugs and "elixirs against all diseases". Most often, the victims of frauds are pensioners. “Another common way to monetize data from patient records is to simulate a charity fundraising for the treatment of a specific seriously ill patient who doesn’t know that someone is collecting money for him on the Internet,” said Maria Voronova, InfoWatch leading security expert.
Data leaks lead to the fact that medical institutions lose people's trust, and their clients are exposed to information attacks from competing clinics that are trying to entice patients to themselves.
The consequences of hacking the security systems of medical institutions take even more serious forms, to the extent of threat to human life: “A targeted attack on a site can stop the entire facility operation, including the life support systems of seriously ill patients", said Cisco security business consultant Alexei Lukatsky. - A banal desire of the hacker to earn money through blackmailing the clinic turns into irreparable consequences for patients. There are also personally targeted attacks. For example, using the so-called "insulin bombs" or hacking cardiac pacemakers".
The discussion was attended by Hadassah Medical Center Digital Transformation Manager Yakov Zhitomirsky, Doctor Nearby CEO Denis Shvetsov and independent insurance expert Vladimir Kremer. As a result of the session, its participants have formed a joint set of recommendations to ensure the cybersecurity of medical data.
First of all, it is necessary to change the mentality of management and staff of the clinics. Hunting for patient medical records sooner or later leads to an attack on the security system, and it is important to create a protective circuit before it happens.
In 20% of cases, the clinic’s losses from cyberattacks are related to the banal negligence of employees who opened an email with a virus. A small educational program for staff will help to minimize risks.
And most database leaks come from insiders. Experts recommended that the clinic management, on the one hand, work to strengthen the loyalty of employees, and on the other hand, give doctors access not to the entire client base, but only to the cards of their patients. The same goes for access to software updates for complex equipment. The panelists are sure that the implementation of these recommendations will close up to 80% of potential threats.