Hacking and Healthcare

This year, healthcare was a hot topic. Donald Trump’s election raised critical concerns for U.S. citizens wondering what will happen to Obamacare, Planned Parenthood and the fight for a universal healthcare system. Less talked about was the epidemic of cyberattacks on hospital databases.

Did you know that the healthcare sector has been the hardest hit by cybercriminals since 2010? Healthcare records contain a tonne of highly sensitive personal information (think: social security numbers, addresses, full names and dates of birth) that can be used for identity theft and fraud. But what really makes healthcare a juicy target for a professional hacker is your health insurance information, which can be sold on the black market to commit medical fraud– a much bigger payoff.

Global management consulting firm, Accenture, forecasts that cyberattacks will cost the U.S. healthcare system $305 billion dollars over the next five years, and that burden will (unfortunately) fall on individuals as well as institutions.

What most health systems don't realize is that many patients will suffer personal financial loss as a result of cyberattacks on medical information Unlike credit card fraud, medical fraud often leaves the burden of payment on the victim. Because the perpetrator has stolen so much of your information, it can be exceedingly difficult to dispute fraudulent charges– most people just give up. This kind of fraud can also be a “slow burn”, you may not know your medical records have been hijacked until you are trying to receive care. Only to find that your health insurance has already been maxed out. A criminal can obtain large amounts of prescription drugs or bill your insurance company for services.
Whereas credit card companies generally insure your card for losses over $50, victims of medical fraud often do not have the automatic right to recover their losses. Some estimates place healthcare records as much as ten times as valuable as credit card information.

“What most health systems don’t realize is that many patients will suffer personal financial loss as a result of cyberattacks on medical information,” said Kaveh Safavi, M.D.

In Canada, a federal policy of universal healthcare has been in place since 1984. However, questions surrounding the sustainability of funding are ever present in the minds of healthcare professionals. During a conference in 2015 on strategic foresight, it was determined that cybersecurity needs to be a key consideration in the decisions made around the future of healthcare funding.

So…what is being done about this?

Well, in February of 2016 the Obama administration launched the Cybersecurity National Action Plan with the aim of educating the next generation of cybersecurity personnel. But James Scott, co-founder and senior fellow at the Institute for Critical Infrastructure Technology (ICIT) in Washington D.C. says education needs to extend to regular folks.

The Canadian government would appear to agree. The federal government released a statement indicating that cooperation amongst our three levels of government is essential to a comprehensive and cohesive approach to cybersecurity. The government is calling on provincial governments to do their part when it comes to raising awareness.

After all, a hospital’s security is still usually breached by the same breed of phishing emails that target individual citizens.

Our advice? Learn to recognize what a phishing email looks like and train yourself NOT to click on a link if you have any doubts about the origin of the email. Societal problems are the collective sum of our individual actions. In other words, improving your own cybersecurity is the first step to combating the increase in cybercrime. Make a habit of cleaning out your computer and make sure you are staying up to date on the latest developments in the tech industry.  

Leave a Reply

Your email address will not be published.