In recent years, healthcare data has been the target of regular hacks, especially in hospitals. Cybersecurity is now a central issue for public authorities, as for healthcare facilities.
WannaCry, Locky, Cryptowall … If these obscure names are little known to the general public, they are painfully familiar to certain hospitals and health establishments, recently affected by ransomware.
This malware block computer systems and demand ransoms from their victims, otherwise they will never recover their data.
These attacks are currently the most visible representation of the danger to healthcare data, new targets of cybercrime since the massive digital transformation of healthcare systems worldwide.
WHAT IS HEALTHCARE DATA?
The healthcare data can be defined as, Personal data concerning healthcare are data relating to the physical or mental health, past, present or future, of a natural person (including the provision of healthcare services) which reveal information on the condition health of that person.
This definition, therefore, includes for example:
- Information related to a normal person collected when registering for healthcare services or when providing these services: a number, symbol or specific element assigned to a natural person to identify him or her uniquely for healthcare purposes.
- Information obtained during the testing or examination of a body part or body specimens, including genetic data and biological samples.
- Information concerning an illness, disability, risk of illness, medical history, clinical treatment or the physiological or biomedical state of the person concerned (regardless of its source, whether it comes for example from a doctor or ‘another healthcare professional, a hospital, a medical device or an in vitro diagnostic test).
This definition makes it possible to encompass certain data measurements from which it is possible to deduce information on the state of health of the person.
WHY ARE HACKERS INTERESTED IN HEALTHCARE DATA?
The problem is simple: health data has value. There is even on the Dark Web [hidden face of the Web, parallel market where arms, drugs, contraband products are exchanged…] a quotation of the medical file, which goes from 30 to 200 dollars.
Right now, it’s trading at roughly $ 60. A hacker who steals a database of 100,000 to 300,000 patients will be bought from him for several million.
So, hackers are very interested in healthcare data as they can be able to make a lot of money on both levels, selling healthcare data to external parties or selling you back your data as it’s considered crucial to your medical practice.
The Purpose of Healthcare Data Hacks
Reselling the information to companies that need it (insurance companies, pharmaceutical laboratories, etc.) or even to other countries “as part of global espionage”.
It is not the sales manager of an insurance company who is going to buy this data on the Dark Web to find out whether he insures you or not.
There is a legal market for aggregated non-nominative data and there is a black market for this data.
It’s difficult to decide what the Dark Web is, by definition it’s opaque and most of its actions are untraceable.
It’s not just about the theft of healthcare data, but the worse is that they ask for ransoms to give you back your healthcare data.
What is a Ransomware?
It is a type of hacking to a device of a person or organization with the aim of encrypting the files inside this device (and the devices connected to it in the local network) or blocking the operating system in that device and then blackmailing its owner (the person or company) to pay a ransom in exchange for re-decrypting the files or removing Lock the device and its operating system.
Ransomware is one of the types of electronic extortion (cyber extortion), but what is cyber extortion?
What is Cyber extortion?
It is a crime that occurs online and includes an organized attack by hackers on a specific device or institution with the aim of obtaining money in exchange for stopping the attack.
Electronic extortion takes several forms, including encrypting files and holding them (hostage), stealing data and threatening to disclose and publish it, or preventing the user from accessing his data on his private computer.
- Safeguarding Your Mental Health Practice Management with Software: A Guide to HIPAA Compliance
- A Guide to the Best Intraoral Scanners of 2023
- Different Types of Technology Being Used To Fight Cancer
- 5 Innovations That Are Helping Pharmacies Become More Efficient
- Medtech is Booming: How are Fiber Optics Driving its Spread?
What is the Risk Associated with Hacking Healthcare Data by Ransomware?
For patients, such hacking results in the very unpleasant idea of seeing their pathologies publicly revealed on the Web, or potentially sold without their consent.
Many mishaps that hackers and cyber gangs steal hospitals data and publish it on the web including medical records and patient information, lately in the U.S and Ireland they had published medical reports including the identity of the patients.
But the risks can go beyond, threatening the health of patients, If you make a hospital information system inoperative, it no longer functions normally.
Staff is stressed, equipment no longer works, drug orders are slowed down, access to files is more complicated.
This necessarily leads to a loss of opportunity for patients and significantly affects patient care and healthcare facility performance.
Healthcare technology is evolving day by day and comes up with a lot of digital solutions that depend mainly on data like imaging equipment (CT, MRI,…etc.) and laboratory equipment (hematology,….. etc.).
These machines are increasingly digitized, but they are unstable from an IT point of view and therefore difficult to secure [without causing a bug]. Suppliers also prohibit installing protection systems, under the penalty of losing the warranty.
The Recent Statistics About Healthcare Data Breaches
- Healthcare data security breaches cost around $ 6 trillion for healthcare organizations. (PhoenixNAP)
- Cyber security for healthcare industry is expected to consume $ 65 million between 2017 and 2021. (Herjavec Group)
- 34 % of healthcare organizations have been hit by ransomware in 2020. (Sophos)
- Attacks on healthcare data has the highest cost among other industries that can be valued at $ 408 for one record (HIPAA Journal)
- Healthcare providers in U.S had about $ 157 million losses due to the ransomware attacks (HIPAA Hournal)
- Around 9.7 million medical records have been breached by hackers in September 2020 only (HIPAA Journal)
The healthcare industry holds a treasure trove of healthcare data about patients, their medical and insurance records, and their medical history, even more valuable than financial information.
Cyber security experts warn that the sector is turning into the biggest targets of hackers and cyber gangs, and what contributes to increasing the danger is the increasing number of medical devices connected to the Internet inside hospitals.
Protecting healthcare data, through which their personalities can be revealed, is only one task for those responsible for healthcare systems in the face of cybercrime, and other tasks include securing networks, especially with the increasing number of medical devices connected to the Internet in hospitals and clinics, and all of them represent potential ports of entry to Networks that need more security.