Healthcare technologies are saving and enhancing patients’ lives with wearable devices that can monitor patients’ health and apply medication according to values of the patient, such as insulin pumps, pacemakers and so on. Also, it provides storage for Electronic Health Records, which is used to see patients’ history very quickly and evaluate patients’ condition effectively and quickly.
When these devices connect to each other, this technology can also be used outside of the clinical environment. Thus, doctors can monitor their patients remotely; without the patient coming to the hospital. Healthcare technologies offer increased efficiency, reduced errors, automation, remote monitoring and time saving.
But, is it safe?
It is known that hospitals are very attractive targets for stealing patient information. According to worldwide reports, millions of medical reports have been stolen already. Recently, health sector is one of the most targeted sectors and attacks towards this sector are increasing and getting more severe.
Before Electronic Health Records, every hospital or even every department had their own records. A case of missing/stolen papers, which were exposed later, were only affecting hundreds or thousands of patients within that hospital or department. These records would only be accessed physically and were limited to the hospital staff who could gain access to the physical paperwork. Thus, it was very hard for an outsider to sneak a peek at medical records.
With Electronic Health Records, the medical data is electronic now. All the data from various hospitals is gathered in one pool and it can be accessed remotely. Thus, in case of a breach, millions of patients will be affected. This led financially or politically motivated hackers to go after celebrities or businessmen, who don’t want their medical data revealed due to a condition that can humiliate or reduce their reputation.
More than a data breach
Now that wearable devices are in the picture, more severe consequences should be expected from cyber-attacks that target the health sector. The devices, which can share real-time vital readings and apply doses of medicine, will become new targets and create new vulnerabilities upon integrating into a hospital’s network without applying necessary cyber safety precautions. Thus, health security will become a patient safety issue.
Why is the health sector being targeted?
People thought that nobody would be interested in attacking health care systems, so, they avoided spending money on cyber security systems. Unfortunately, they were wrong. The health care system motivated hackers and it created new back doors for hackers to infiltrate. Due to this lack of awareness, some hospitals are still using operating systems that are no longer supported such as Windows XP, some are not keeping their software updated to prevent security breaches.
On the contrary, medical data is so much more valuable than financial data. Aside from selling medical data for thousands of dollars, it could be used to obtain health services and medication –that can be sold on the Internet – or even open bank accounts and apply for loans.
It could also be used for more than making money. Imagine a politician, who has an allergic reaction to bee stings; combining this information and bees would be potentially life-threatening threat for the politician. Or a cyberwar that can target specific people through their medical devices…
How health care technology can be protected?
In the health care system, the focus is on the patients’ care; millions of dollars are being spent to keep patients alive and to treat them well by using health care technologies that create and store vast amounts of sensitive and valuable information. Biologic viruses are being wiped out from hospitals but what about cyber viruses: spyware, ransomware and other kind of malware?
Since new types of malware are created in the cyber world every minute, there are no 100% effective ways to protect any kind of computer or device from cyber-attacks. However, the following steps will be very protective as they will fix the vulnerabilities:
- Backups should be created to quickly recover data in the event of an attack that erased or encrypted all data.
- All software must be updated to ensure that security patches cover recent vulnerabilities of the software.
- All medical data should be encrypted so in the event of a breach, the third parties can’t use it.
- All employees should be trained to eliminate inside threats such as attacks that occur due to mistakes or deliberate actions: phishing websites and social engineering attacks.
- Instead of traditional antivirus solutions, advanced security software must be used, because of its multilayered defense and machine learning capabilities – Zemana Endpoint Security is one of them.
- A network security system device, such as firewall, is a plus along with advanced security software.