If personally identifiable data (PID) is at risk of theft from hackers, no PID is more sensitive, and potentially more valuable on the Dark Web (the online black market where stolen credit card details and Social Security numbers are for sale), than your health care records.
Your health care records not only contain data on the personal details of your body. They include your home and financial information, too. It is little wonder, then, that hackers are working overtime to steal access to health care PID, and that health care providers and cybersecurity experts are intensely focused on stopping them.
In 2018, health care was the second-most-attacked industry, behind government. IBM’s Cyber Security Intelligence Index estimated that more than 100 million records were compromised in recent years, costing the sector $6.2 billion.
This trend shows few signs of ending and the security sector is in an arms race with cybercriminals.
“The industry is starting to change, but health care is still lagging,” Jennings Aske, senior vice president and chief information security officer at NewYork-Presbyterian Hospital, said at Pace University’s recent cybersecurity conference. “You’re seeing health care organizations take security more seriously, which is the way it should be.”
Aske noted that hospitals routinely face ransomware attacks, which essentially try to hold a hospital’s or a doctor’s data hostage until a ransom is paid, thereby interrupting service and potentially putting patients’ lives at risk. But ransomware attacks are just one kind of threat. There are many other sophisticated operations that include lost or stolen equipment and data as well as hacking attacks on life-saving medical devices.
While hospitals and medical groups are often targets, so too are smaller businesses, which tend to be the most vulnerable. The U.S. Department of Health and Human Services reported that 58% of malware attacks were on small businesses and that, in 2017, cyberattacks cost small and medium-sized businesses an average of $2.2 million, forcing roughly 60% of small businesses to close their doors within six months of an attack.
Some of the biggest threats facing digital security are driven by the technical skills and sophistication of hackers, many of whom are part of organized crime groups or nation-state actors. In many scenarios, they are well-funded, disciplined and trained to exploit our defenses and system vulnerabilities.
That is why developing the necessary problem-solving skills to cope with the scale and enormity of our challenges is crucial, as is understanding the complexity of the security and the financial motivation of cybercriminals.
There is much work to do to shift our culture and defensive practices. Similar to searching for new cures and treatments for disease, we must come up with ways to protect ourselves preemptively rather than reactively. We need a concerted effort on the part of government, national security, health care institutions and universities to effectively fight the problem.
We must take responsibility for following the basic steps to protect our computers, tablets, cellphones and other devices from these hackers.
Cyber safety is an essential component of our national security and the safety of our personal data.
It’s a neverending struggle and one we cannot afford to lose. The health and safety of our society is at stake.
Jonathan H. Hill is the dean of the Seidenberg School of Computer Science and Information Systems at Pace University.