Cyberattacks in Hospitals

Healthcare records were digitized to help prevent medical errors such as misdiagnosis and mistakes with medication,but electronic health records (EHR) have made it easier for bad actors to steal patients’ highly personal information.

FREMONT, CA: Cyberattacks in hospitals are increasing exponentially year after year. Healthcare data is valuable on the black market because it contains all of an individual’s personally identifiable information, as opposed to a single marker that may be found in a financial breach. Often these attacks see hundreds of patients’ data compromised or stolen.

That data can be used by crooks for financial fraud such as filing false tax returns or applying for credit using a stolen identity. Healthcare IT professionals’ greatest fear are stronger or more frequent cyberattacks, and users ignoring security guidelines, as stated by Security Software Netwrix in its 2020 Cyber Threat Report.

Google, Microsoft and Apple have all extended the healthcare field, while Facebook has announced plans to do so. Google’s efforts include the Google cloud for healthcare and life sciences; signing a 10-year strategic partnership with the Mayo Clinic under which it will store and secure the clinic’s data; and working on an EHR model that uses machine learning to forecast and predict patients’ health outcomes.

Microsoft will launch the Microsoft cloud for healthcare, which will provide self-service portals and applications that will help patients interact directly with health teams among other things. 

This set of standards, known as Fast Healthcare Interoperability Resources (FHIR), defines how healthcare information can be exchanged between different computer systems regardless of how it's stored.

One of the most prominent cases of data breaches is due to human or user error. Verizon’s 2019 DBIR lists that around 59% of all healthcare security breaches were caused by trusted insiders. Users unwillingly can open the backdoor access to their data while accessing lab work from the provider’s portal over an unprotected network, emailing sensitive information, or by uploading/downloading unencrypted data over the cloud. It should also be noted that while healthcare providers are bound by HIPAA regulations, users don’t come much under that radar. Hence, it is advisable for users to follow the best practices of safeguarding their data, paying attention to what and where they are disseminating their data, and use strong encryption wherever possible.

Healthcare providers must keep abreast of the latest threats, addressing choke points on privacy, data, and cloud alongside safeguarding data in rest, transit, and in use. And to stay in line with the latest developments and data security, novel IT solutions must be developed in the healthcare industry. They should also be used in accordance with the compliance matching data privacy and security. Adequate data security strategies, solutions, and policies will enable healthcare organizations to comply with monitoring and reporting regulations and share data securely, both inside and outside the medical facility.