Sixty-four percent of healthcare organizations indicated a cyberattack successfully targeted their medical files in 2016 — a nine percent increase from the year prior — according to an ID Experts-sponsored Ponemon Institute survey.
A team of experts — William Gordon, MD, Massachusetts General Hospital; Adam Fairhall of Partners HealthCare; and Adam Landman, MD, CIO and vice president of information systems of Brigham and Women's Hospital, all based in Boston — sought to examine the impact of cyberattacks on patient health in a New England Journal of Medicine analysis.
Here are four security issues hospital leaders should know.
1. Denial of service attacks. These attacks make clinical systems unusable, but do not necessarily breach patient information. Recently, these attacks have taken the form of "ransomware," which encrypts — rather than accesses or downloads — data.
2. Breaches. Hackers often target hospitals because patient data is profitable on the "dark web." It is also "durable," meaning the identifying information can be used for years after the initial breach. Whereas credit card numbers can be cancelled and Social Security numbers can be changed, medical history cannot.
3. Medical device hack. Hackers may be able to exploit infusion systems, allowing them to remotely control devices and alter therapy administration. This type of hack might enable a cyberattacker to manipulate or harm individual patients.
4. Manipulation of patient data. A hacker might attempt to modify or change patient protocols, diagnostic reports, genetic data or progress notes, hindering a clinician's ability to deliver safe and effective care.
The authors recommend hospitals deploy "modern, best-practice security" techniques, such as data encryption, antivirus software, software updates and two-factor authentication, which would help to ensure only authorized personnel access their systems.
"As long as there is value in information, there will be attacks against the systems that secure it — information systems are fundamentally vulnerable. Nevertheless, if we acknowledge the public health implications of information security, we can improve dialogue, implement necessary protections and minimize the impact on patient care," the authors conclude.
More articles on health IT:
Wyoming hospital's third party bill pay vendor hacked, exposes patient data
Former employee distributes PHI of 1.5k Detroit Medical Center patients
Healthcare coalition supports House appropriation's proposed HHS budget