Hospitals are increasing the use of networking through computer systems and devices to easily access electronic health records, medical imaging, asset tracking, communications, vendor software-as-a-service solutions, and patient monitoring. It has become an integral part of the lives of medical staff and patients everywhere. With the use of networking in the hospital, it is becoming a challenge to protect the privacy of patients’ health records and to secure electronic data, since it is vulnerable to a wide variety of security threats. According to a 2017 Cybersecurity news article, healthcare cybersecurity attacks rose 320% from 2015 to 2016, making healthcare the industry that suffers the most cyberattacks. (1)
Hospital and health facility administrators face hardened criminals who hack medical records with ever-increasing sophistication. Hackers gain access to critical information, such as medical claims, financial data, Social Security numbers and credit card data that enable identity theft, credit card fraud and other privacy breaches. One of the major security failures in the news was the CareFirst BlueCross BlueShield attack that exposed 1.1 million of its members to thefts of their personal information.[1] Combined with high-profile breaches at Anthem and Premera Blue Cross, the breach illustrates the changing role of medical administrators
This paper will discuss the various threats and vulnerabilities related to the United States healthcare system, government regulations and policies, and the issues of personal data security as a whole. Threat assessment with regard to a cyber-attack and the level of liability in the aftermath of a cyber-attack will also be discussed, in addition to the implementation of future protocols regarding personally identifiable information to reduce the sheer number of vulnerabilities and prevent data theft as a result of future attempts at cyber-attacks.
The introduction of computers and the internet opened limitless possibilities for the world to become much more interconnected and interactive. However, that same limitless potential is both a blessing and a curse. The open internet is a system that allows unlimited access to almost any sort of information. That same openness makes personal security difficult, and no one is completely secure. The introduction of the internet for broad use and public consumption also came with the federal government’s attempts to prevent the theft of personal information. In the late 1990s, President Bill Clinton signed into law two provisions to protect copyright and affordability of healthcare: the Digital Millennium Copyright Act (DMCA) and the Health Insurance Portability and Accountability Act (HIPAA). In 2011, a bill was introduced into the United States House of Representatives called the Stop Online Privacy Act (SOPA) to combat online copyright infringement and online trafficking in counterfeit goods. The DMCA and SOPA have much more in common, as they both deal with copyright infringement. As such, they also have a profound impact on information security. HIPAA is important as well, as it restricts access to confidential information such as medical records to patients and medical professionals. All three of them touched on an important subject, information security, that warrants the
Ensuring that patient health information and consumer information are effectively and sufficiently safeguarded is of the utmost importance to any organization. Information security is important because it is the law. Any deficiency in an information security program can be costly to an organization and detrimental to patients and consumers. Organizations must be aware of the growing opportunities for breaches in security, as advancing technology is making the collection, maintenance, and dissemination of protected health information easier (Sayles, 2013). The following two security breaches will be used to identify threats and provide a security plan for the organization.
The potential vulnerabilities within Health Delivery Organizations (HDOs) are numerous. The impact of their exploitation can be enormous. It’s not only that the information will be damaged, stolen, or misused; the actual or implied theft of improperly protected electronic data can result in extortion threats. The cost and distraction of a hacker’s extortion demand that threatens to shut down an entity’s system or to expose confidential information can be significant. In addition to the direct costs related to the extortion demand, a facility can have major expenses, including those for the required notification of patients related to the real or threatened release of their identity information. Many states require companies to notify all of their customers if a breach is even suspected. The potential for exploitation does not stop there. Consider any of the following scenarios; note that some do not even require access to personal information, as a hacker just needs to get access:
According to the 2015 KPMG Healthcare Cybersecurity Survey, 81% of healthcare executives report that their “organizations have been compromised by malware, botnets or cyber attacks at least once in the past two years.”
Cases of hospital cyber attacks have been on the increase in recent years. For example, there was a rise in the total cases of data breaches in the United States of America in 2014. According to a report presented by the ITRC (Identity Theft Resource Center), data breaches in U.S. hospitals in 2014 increased by 27.5% when compared to the previous years. In 2015, data breaches in hospitals reached 5,029, involving an estimated 675 million records (Fensholt & Holloway, 2013). In 2014, the healthcare industry recorded the highest number of data breaches, followed by the business sector.
One major problem the industry faces today is unauthorized access into its computer software infrastructure. Vulnerabilities in the system software, especially the Remote Desktop Protocol (RDP), provide hackers the opportunity to completely take control of the affected systems, allowing them to steal protected patient data, install malicious software programs, and/or commit cybervandalism. However, if the attempt fails to exploit the system, Denial of Service (DoS) conditions could result, making it impossible for legitimate users to gain access. Desktop productivity software tools, such as Microsoft Access, pose software vulnerabilities due to hidden bugs or program defects. Although businesses use encryption to protect digital information, hackers are finding ways to exploit the digital credentials of the Electronic Health Record (EHR) system by using phishing scams. From a security standpoint, the healthcare industry is ill-prepared to deal with hackers looking to gain access to highly confidential data, even with HIPAA laws enforced. The organizations' failure to recognize where risks are and how to implement preventive security controls can have devastating repercussions on their stockholders. Although errors in application controls can be corrected with a process called patch management, those less prepared tend to be one step behind the threats, impacting the businesses’ time and bottom line. Identity theft, which has increased exponentially, can have a significant effect on customers’ finances and on the time lost correcting erroneous information. As cybercrime increases, it is imperative that healthcare organizations and their leaders start taking proactive protective measures, including performing risk assessments, implementing a security policy, and conducting information systems audits to
From 2014 through 2015, many technology changes occurred to reduce the threat of healthcare fraud. Statistics show that healthcare fraud and abuse laws help control cheating the system in the healthcare field. In 2014, 68 billion dollars were spent on healthcare fraud, as estimated by the National Healthcare Anti-Fraud Association. Others estimated that the cost could reach as much as 10 percent or 230 billion of the 2.27 trillion spent on healthcare fraud in 2015. With this coming to light to the health care administration and the U.S. government, healthcare fraud and abuse programs have been put in place to cut down this costly threat.
The January 6 article titled “Consumerization, cybersecurity among key challenges for hospital IT execs in 2016” caught my attention, as hospitals, clinics and mainstream healthcare are all moving towards the ever-changing health information technology industry. The article’s synopsis discusses the increase in technology, business challenges, consumer usage and growth, the healthcare industry and the security concerns for all areas connected. Part of the discussion in 2016 is “finding the right people and using the right tools for managing risk, population health, anticipating value-based purchasing metrics and penalties, quality and safety” (Bowman, 2016, para 3). The belief is that through cyber-health, patients will have the capability to “comparison
There are many issues affecting the healthcare sector in this day and age. Some of these issues include the cost of healthcare and the rise of it, the quality or efficiency of healthcare, or the shortage of physicians. All of these issues directly affect patient care and can be avoided with proper standards and practice. However, in 2015, there is no other issue directly affecting patients, in terms of patient privacy and willingness to come back to a certain entity, more than identity theft.
It is critical now more than ever, due to the lack of sufficient security, to protect patient data in the healthcare industry. Therefore, in order to accomplish this goal, the possible causes of inadequate security as well as the other causes of healthcare breaches and cyber-threats must be investigated. Without this analysis, patient data will continue to be compromised, which will cause devastating damage to both patients and healthcare organizations. From the extensive research on the outbreak of healthcare data breaches, the major factors that contribute to the increase of this issue were discovered. Through thorough analysis of these factors, useful solutions will be developed to decrease the compromise of patient data and to help healthcare organizations implement better security measures.
Cyberterrorism is generally understood to refer to highly damaging computer-based attacks or threats of attack by non-state actors against
Cyber crime is described as criminal activity committed via the use of electronic communications, with respect to cyber fraud or identity theft through phishing and spoofing. There are also many other forms of cyber crime, such as harassment, pornography, etc., committed via the use of information technology.