PERSONA THEME TRENDS WELL-BEING ISSUES
Cybersecurity: The Vulnerability of Medical Institutions to CyberAttacks
NEWSCOPE
RESEARCH
Written by MANAS INGLE AND SHARDA BALAJI
M
cAfee’s researchers were able to modify the vital sign data in real-time providing false information to medical personnel by switching the heartbeat records from 80 beats a second to zero within five seconds. You would have woken up to news that Medstar patient records’ database was subject to ransom ware cyberattack and was asked to pay bitcoins. Unfortunately, the hospital did not have backup of medical records and in some cases, they had to turn away the patients. These incidents, unfortunately, are not stray incidents. There are various technologies converging and a rapid increase in
machine-to-machine communications. It is predicted that by 2025, most hospitals will have the ability to network connect more than 90% of their devices. However, many hospitals are yet to make their data security systems extremely robust. Data privacy and data security are the two important pillars that need urgent consideration. Just as financial data is loved by the cyber criminals, so is health data becoming a gold-mine with the cyber offenders. Specially so when the hospitals are run on legacy systems and there is no dedicated framework or surveillance on their own data. Personally, identifiable data is an
indicator of an individual, such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Several cyberattacks on medical institutions are initiated to extract the electronic health records (EHRs) of patients. These EHRs may contain their personal health information, medical history, diagnosis codes, billing information, etc., which can be exploited by the cyber offenders in various manners, for instance to get ransom from the medical institutions or to create fake IDs to buy medical
