A Health Hack Wake-Up Call

Niam Yaraghi | US News & World Report | April 1, 2016

Hospitals went digital almost overnight, but they neglected to prioritize patient data protection.

U.S. hospitals appear to be under a new type of IT hacking attack: crypto-ransomware. Hackers have changed their approach and instead of stealing patient data, they are now locking down the computer systems of hospitals and asking for a ransom, in bitcoin, in order to allow hospitals to have access to their own computers. Multiple hospitals in California and Kentucky and Maryland have been the victim of such attacks over the last week and despite an FBI investigation into the MedStar hack, there seems to be no solution on the horizon.

Why have hackers targeted hospitals? And should patients be concerned about these information technology breaches? Hospitals are very easy targets for hackers. Unlike other sectors that implemented IT naturally and gradually over the course of many years, health care went digital overnight, after the government allocated billions of dollars to promote adoption of electronic health care records. According to the statistics by Office of National Coordinator for Health Information Technology, while only 9.4 percent of hospitals used a basic electronic record system in 2008, 96.9 percent of them were using certified electronic record systems in 2014.

This explosive growth rate is alarming and indicates that health care entities could not have the organizational readiness for adopting information technologies over such short period of time. Many of the small- or medium-sized health care organizations do not view IT as an integral part of medical care but rather consider it as a mandate that was forced on them by larger hospitals or the federal government. Precisely due to this reason, health care organizations do not prioritize IT and security technologies in their investments and thus do not allocate required resources to ensure the security of their IT systems which makes them especially vulnerable to privacy breaches...