What does it come to your mind when you hear talking about hackers? Probably your first thoughts focus on breaking passwords and damaging a webpage or a computer. Maybe you think about the idea of stealing bank details in order to make money. You are right, but it is not common to relate cyber-security to healthcare when, actually, it is one of the most important targets of hackers.
Reuters news agency , for example, claims that “Stolen health credentials can go for $10 each, about 10 or 20 times the value of a U.S. credit card number”. This fact gives us an overall idea about the importance of healthcare data privacy. The Internet-Of-Things concept related to healthcare is a field with a huge and overwhelming future ahead but it is of paramount importance to raise awareness in hospitals, stakeholders and general population about its vulnerabilities and how to prevent and secure them. It is also important to determine the danger this vulnerabilities can infer to patients. For example, if an infected equipment maintains alive a person, its misuse could come out with serious injuries on the patient or even his death. On the other hand, another kind of attack could imply the loss of private medical data, which would not be directly as dangerous as the first example but would significate for the hospital losing money, influence, credibility and sometimes clients.
Interestingly, the first documented ransomware attack dates from 1989 and it targeted global healthcare. An AIDS researcher named Joseph Popp carried out the attack by distributing 20,000 floppy disks with malware to AIDS researchers spanning more than 90 countries, according to an article from the Digital Guardian webpage. Since that moment, ransomware has been one of the most common attacks focused on hospitals. It consists on denying access to their medical information or databases unless a rescue is paid.
By analyzing some cyber-attacks to healthcare environments within the last decades, it can be stated that they show an exponential increase. By studying some cases, certain common patterns in cyber-attacks can be found and sometimes they are a useful tool for Hospitals and stakeholders to protect their weaknesses. However, more solid solutions must be taken by healthcare technological entities and, nowadays, these are offered by some projects around the world as well as CIPSEC.
Every day new threats are appearing and it is important to consider them and increase surveillance. The use of IT/OT in healthcare implies obvious risks that should be prevented by all means. However, there is no doubt that society is willing to take on such a risk because the benefits this approach provides are enormous.
Written by Joan Maria Arenas Gómez on October 30, 2018.