Health care cyberattacks becoming more common

Security is obviously a high-level priority for every health care services provider. However, despite this awareness, the health care sector has seen a growing number of successful cyberattacks, as U-T San Diego recently highlighted.

Increasing cyberattacks
The news source reported that cybercriminals are now frequently targeting health care organizations in order to steal a wide range of sensitive data, including both intellectual property and patients' personal information.

To a significant degree, this trend is unavoidable as hospitals and doctors' offices shift from paper to electronic health records in order to comply with the HITECH Act and other legislation. Cybercriminals are well aware of this process and are eager to take advantage of vulnerable systems. 

Highlighting these problems, cybersecurity firm FireEye recently released a study that found one cybercriminal organization stole sensitive information from more than 80 companies, the majority of which were either in the health care or biotech industries, the news source reported. 

Murray Jennex, a cybersecurity expert with San Diego State University, told the source that cybercriminals see health care providers as a means of acquiring the personal information they need to commit identity theft and fraud.

"Getting patient I.D. numbers is part of it," Jennex said, according to U-T San Diego. "When you get that, it becomes easy to fake identities. They're finding health care is a rich way of getting Social Security numbers."

Sharing issues
Part of the problem, according to Jennex, is the fact that doctors and other health care personnel are sharing sensitive patient information much more frequently these days. He told the source it is fairly common for doctors to ask patients to sign waivers to this effect. 

"So that means a wider range of people have access to that information, even though it's controlled," said Jennex, according to the source.

Better tools needed
However, this does not mean that health care professionals should suddenly put an end to the practice of sharing patient information. While that may improve overall safety, the lack of collaboration may severely undermine patient outcomes.

"Hospitals must embrace tools specifically designed to balance security with effectiveness."

Instead, hospitals must embrace tools specifically designed to balance security with effectiveness. For example, Aptris ServiceNow includes a tool which redacts patient information from support cases. This means that even if the ticket falls into the hands of a cybercriminal, there is no PHI that can be used for identity theft or fraud, effectively maximizing efficiency without putting patients in danger of exposure.