About Careers Internship MedBlog Contact us
Medindia LOGIN REGISTER
Advertisement

Ransomware Scare: Healthcare Records Frequently Targeted By Hackers

by Shirley Johanna on April 30, 2016 at 3:37 PM
Font : A-A+

Ransomware Scare: Healthcare Records Frequently Targeted By Hackers

A ransomware attack at Hollywood Presbyterian Medical Center in California, kept health care records in the control of anonymous hackers until hospital officials paid $17,000 to take back their system.

Data ransom attacks are today's technological version of kidnapping. It's anonymous, more cost-effective and more appealing to criminal enterprises than taking physical hostages. And it's the reason health care institutions today are taking steps to ensure security.

Advertisement


As part of an ongoing conversation, health care professionals and government agencies will meet on May 1-11 in Washington D.C. to discuss health data as part of the Health Datapalooza event presented by Health Data Consortium.

At Creighton University, law professor Edward Morse is researching the technological and legal limitations for paying data ransom.

"If you can deny access to patient care records, you shut down hospital operations," Morse said. "With HIPAA, a patient's electronic records are protected under law. But, a patient's medical information is only as strong as an institution's weakest link.
Advertisement

It can be as simple as a disgruntled employee; someone who is willing to give up a password to a potential hacker, so hospitals are working to increase security and limit the number of employees who can access sensitive data.

Adam Kuenning, an attorney with Erickson | Sederstrom and a Creighton law professor, teaches HIPAA privacy and security.

"Patient care comes first for any medical professional," Kuenning said. "The importance of keeping the information secure may sometimes be lost while the medical professional is focused on the patient's care."

Any HIPAA breach of more than 500 patients must be reported to the media, and the Department of Health and Human Services keeps a record of these cases online. Since 2009, more than 1500 cases have been recorded. For cases affecting less than 500 patients, only a letter sent to affected persons is required.

To ensure HIPAA compliance, HHS is conducting audits healthcare companies, but often carelessness is the root cause of a breach. Frequent problems are laptops and thumb drives with private medical information left in an employee's car.

"Data that's not encrypted is being stolen somehow," Kuenning said. "People are breaking into your office, stealing your computer, your servers when you didn't encrypt your records that evening."

In the California hospital case, an outside hacker stole records by taking over the computer system. In these cases, it's common that patient information isn't actually stolen; rather, hackers freeze the system, making the records inaccessible to medical personnel who need the information to properly care for the patients.

Last June, President Barack Obama stated while the U.S. government won't pay ransom for hostages, American families have never "been prosecuted for paying a ransom." In most health care cases, private ransom payments often go unnoticed. Few cases like Hollywood Presbyterian Hospital are publicized. According to Morse, thousands of attacks are attempted, but it's unknown how many are successful.

"With this crime, it's embarrassing to institutions, that their systems aren't secure," Morse said.

Payouts to criminal enterprises are relatively inexpensive. The black market values each patient's record at $50 or $60, Morse found. According to a Ponemon Institute Survey, hackers only earn about $28,000 annually, but Morse notes that this wage could equate to a lot more with hackers coming from developing countries.

Without patient's records, the hospital reaches a standstill, creating the need to comply and pay a ransom.

"If you can pay, you would do it in a New York minute," Morse said.

As the health care industry becomes more invested in technological innovations, institutions must keep privacy in mind, as a data breach can "ultimately, sully the reputation of an institution," Morse said.



Source: Newswise
Advertisement

Advertisement
News A-Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
What's New on Medindia
Top 10 Foods for Decreasing DHT Production and Preventing Hair Fall
Alarming Cesarean Section Trends in India - Convenience or Compulsion of Corporate Healthcare
Quiz on Low-Calorie Diet for Diabetes
View all
Recommended Reading
News Archive
Date
Category
News Category

Medindia Newsletters Subscribe to our Free Newsletters!
Terms & Conditions and Privacy Policy.

More News on:
Awareness about Healthcare Insurance in India Healthcare Insurance-Common Terms and Definitions 

Most Popular on Medindia

Drug Side Effects Calculator Nutam (400mg) (Piracetam) Post-Nasal Drip Sanatogen Find a Doctor Daily Calorie Requirements A-Z Drug Brands in India Color Blindness Calculator Blood - Sugar Chart Turmeric Powder - Health Benefits, Uses & Side Effects
This site uses cookies to deliver our services. By using our site, you acknowledge that you have read and understand our Cookie Policy, Privacy Policy, and our Terms of Use
open close
CONSULT ONLINE WITH A DOCTOR

×

Ransomware Scare: Healthcare Records Frequently Targeted By Hackers Personalised Printable Document (PDF)

Please complete this form and we'll send you a personalised information that is requested

You may use this for your own reference or forward it to your friends.

Please use the information prudently. If you are not a medical doctor please remember to consult your healthcare provider as this information is not a substitute for professional advice.

Name *

Email Address *

Country *

Areas of Interests