How One Healthcare Data Breach Exposed the Health Information Security Crisis
It’s no secret that hackers are hungry for consumer information. We all double-checked our purchasing history when news reports surfaced surrounding the Target and Home Depot hacks. We were among the hundreds of thousands who frantically changed all of our passwords when the potentially catastrophic Heartbleed bug wreaked havoc across the web.
There are precautions we can each take as consumers to protect our valuable information, but hackers always seem to be a few steps ahead of us. Most recently, it seems they’ve found a way to attack our coveted data in the most vulnerable of settings: our healthcare facilities.
When you visit hospitals, the last thing on your mind is the safety of your personal information. But after hearing this breaking news, you may start to give that notion a second thought!
Cyberattacks on hospitals have quietly existed for a number of years. But today’s hackers are bolder and more sophisticated than ever. The February 2016 hack on Hollywood Presbyterian Medical Center in Los Angeles has brought healthcare data breaches and health information security to the forefront of national conversation.
Here’s what you need to know.
What happened with the healthcare data breach in Los Angeles?
The hospital personnel at Hollywood Presbyterian Medical Center in Los Angeles found themselves in the midst of an internal emergency in late February. For more than a week, anonymous hackers held the medical facility hostage by shutting down its internal computer system and demanding a ransom of 9,000 bitcoin, which would equate to approximately $3.7 million.
This large-scale cyberattack forced the facility to revert to long-retired processes, such as using paper registrations and medical records. Emergency rooms were impacted, and fax lines were jammed because staff had no access to email. All 911 patients had to be relocated to other area hospitals.
While the source itself still remains unclear to the public, the attack has been attributed to a type of malicious software called ransomware. Put simply, ransomware prevents you from using your electronic device, holding all of your files hostage.
To put this in perspective, imagine logging onto your computer for the first time one morning only to be notified that you can’t access any of your personal documents, social media logins, email accounts or virtual bank statements until you pay a lump sum to an anonymous hacker.
Now scale that up to holding hundreds of patients’ personal and medical data hostage in exchange for more than three million dollars!
The hospital ended up paying out the equivalent of $17,000, and the FBI is currently investigating to identify the source of the attack.
Are we on the cusp of a major health information security crisis?
Healthcare data breaches don’t only impact medical facilities by way of ransom. These hacks can also result in theft of valuable patient information – including financial documents – and can compromise patient data, which can lead to injury or death.
While hackers are growing more sophisticated on all fronts, medical facilities are particularly vulnerable to their attacks. In fact, nearly 90 percent of healthcare providers were hit by breaches in the past two years. This rise in cyberattacks against doctors and hospitals is costing the U.S. healthcare system around $6 billion a year!
You don’t need to be an expert to understand this is a huge deal. But that doesn’t mean expert research isn’t surfacing on this topic. A group of white hat hackers – hackers who use their powers for good instead of evil – from Independent Security Evaluators (ISE) recently released a report detailing their findings after testing 12 American hospitals in an effort to prove the extreme vulnerability of our healthcare data.
These researchers used a number of methods – all with the permission of the participating hospitals – to get a read on the strength of IT security. Vulnerabilities were found when the white hat hackers were able to access hospital systems including several patient monitors. This gave them the ability to sound false alarms, display incorrect patient vitals and more.
They also discovered ways to bypass important hospital logins, to create false IDs to hijack blood samples and drugs, and to route all newly entered patient information straight to the attackers without personnel or patients knowing it was happening. While some security breaches were achieved through highly sophisticated methods, others were as simple as cracking weak passwords or taking advantage of outdated systems.
While ISE was unable to assess the entirety of each hospital’s information security measures, everything they did evaluate had gaping flaws. In the wake of the ransomware attack in Los Angeles, it is expected that more cyberattacks will put hospitals in a deep information security crisis.
Is an influx of InfoSec jobs the answer hospitals are seeking?
Whether the particular vulnerability of hospitals to cyberattacks is due to lack of funding, use of susceptible technologies, a major skills shortage or a harrowing combination of the three, it’s clear that something needs to be done to strengthen the nation’s health information security.
It’s no wonder InfoSec careers are on the rise! Jobs are expected to grow more than twice as fast as the average for all occupations by 2024. And you can rest assured that in the midst of prioritizing cybersecurity, medical facilities will edge their way to the front of the line in recruiting top-notch InfoSec professionals.
If you’re curious about what these jobs in information security entail and wondering if you might be cut out to be the IT superhero hospitals are desperately seeking, check out our article: 5 Fascinating InfoSec Jobs that Help Combat Cybercrime.