Immunity Failure: The Weaknesses of Healthcare Cybersecurity

The healthcare sector is under continuous cyber threat and attack. Richard Clarke, a cybersecurity expert and former White House czar, addressed this pressing matter at the IT News Privacy and Security Forum in Boston.

Clarke addressed the subject of Protected Health Information (PHI) breaches, stressing that healthcare companies often overlook internal breaches and address them only after receiving external notification (from the federal government or others).

As serious as this issue is, Clarke detailed seven other emerging and even more serious threats: the escalating danger of the seizure of personal data and subsequent blackmail (Ransomware), and the increasing attempts to block access to online services by flooding them with traffic from a large number of web sources (Distributed Denial of Service, or DDoS), which he referred to as “epidemic” and “high profile” respectively. Also discussed were the severe acts of complete eradication of corporate software (Wiper attacks), such as the attacks on Sony Pictures Entertainment and the Saudi Arabian Oil Company Aramco; the straightforward theft of money by hackers impersonating authorized personnel, accessing classified financial data and transferring money through several accounts until it disappears altogether; and the common threat of Intellectual Property (IP) theft, which Clarke defined as “probably the most damaging thing that happens”. The last two threats are also data related: Data Destruction, in which hackers use remote activation codes to physically destroy indispensable devices (such as generators and medical electrical equipment), and Data Manipulation, which can have dangerous implications in general but can also have deadly outcomes in healthcare. One can only imagine the consequences of data on blood transfusions, organ transplants or any other medical treatment being altered without control.

These are serious threats that the global IT industry, and specifically the Healthcare IT sector, must face and solve. So far, it has not been a complete success. According to the Healthcare IT News report, Clarke referred to the problematic reputation of Health IT Security and the need to deal with it, saying “We can’t put it in the closet and pretend it’s not true.”
