Cyber Attacks on Healthcare Institutions Face a Dramatic Surge
Hongyi "Michael" Wu
The number of cyber threats in health care, including computer system breaches and compromises of patient records, has risen significantly over the past two years.
Hongyi "Michael" Wu, director of Old Dominion University's Center of Cybersecurity Education and Research, said the increase is largely due to the growing use of electronic health records. An electronic health record refers to the systematized collection of patient health information in a digital format. These records can be shared between health care settings.
"While electronic health systems are being embraced for efficiency and productivity, they're becoming an increasingly attractive target for cybercriminals to steal medical and financial information," he said.
Wu added that while hospitals and medical centers usually deploy up-to-date cybersecurity systems, many cyber attacks occur because of human error. "For example, 91 percent of cyber attacks began with a user clicking on a phishing email," he said.
Health care professionals often have less exposure to cyber technologies compared with workers in other industries, Wu said. That lack of cyber-awareness gives cybercriminals an edge in hacking into medical IT systems.
Another reason for the surge in cyber threats in health care, Wu said, is the use of network smart medical devices, which collect medical data and transmit it through wired or wireless networks to doctors and nurses.
"It's fundamentally challenging to secure them, since they are extremely resource-constrained. For example, with less powerful central processing units (CPUs) and small memory, computers can't implement advanced cybersecurity technologies," Wu said. "Therefore, they are often exposed to an unprotected environment where people can have direct access."
In response to rise of cyber threats, the Healthcare Industry Cybersecurity Task Force is prompting the U.S. Department of Health and Human Services to issue a revised HIPAA (Health Insurance Portability and Accountability Act) breach reporting tool. It would help health care officials identify recent breaches of health information and learn how such breaches should be investigated and resolved.
Wu said he recommends that patients comb over medical bills for suspicious activity; confirm information on electronic medical files by requesting a copy of electronic health records from health insurers, and be aware of suspicious debt collection notices claiming to be from a doctor's office or insurance company.
