{"id":2603,"date":"2014-02-27T20:09:16","date_gmt":"2014-02-27T20:09:16","guid":{"rendered":"http:\/\/ncjolt.org\/?p=2603"},"modified":"2020-06-04T20:53:44","modified_gmt":"2020-06-04T20:53:44","slug":"cyber-criminals-are-hitting-us-where-it-hurts-a-new-report-shows-that-healthcare-organizations-may-not-even-know-the-danger-exists","status":"publish","type":"post","link":"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/cyber-criminals-are-hitting-us-where-it-hurts-a-new-report-shows-that-healthcare-organizations-may-not-even-know-the-danger-exists\/","title":{"rendered":"Cyber Criminals are Hitting Us Where it Hurts; A New Report Shows that Healthcare Organizations May Not Even Know the Danger Exists"},"content":{"rendered":"<p>The medical industry has come under siege by hackers.\u00a0 Recent reports have shown that healthcare organizations are being attacked at a high rate, with roughly <a href=\"http:\/\/www.latimes.com\/business\/technology\/la-fi-tn-study-epidemic-of-cyberattacks-have-compromised-healthcare-orgs-20140218,0,4761289.story#axzz2uNqY1K7F\">three hundred and seventy-five attacks<\/a> occurring within one year.\u00a0 Several reasons have been postulated for the amount and severity of these attacks, which may have serious repercussions for patients and their families.<br \/>\nThe attacks have led to breaches which expose patient data and compromise the integrity of medical equipment and tend to target healthcare providers most often, but also insurers and pharmaceutical companies.\u00a0 The theft of patient data often includes sensitive information such as social security numbers and addresses.\u00a0 Interference with medical equipment can be even more sinister\u2014causing hackers to <a href=\"http:\/\/www.norse-corp.com\/PR-cyberthreat-140218.html\">obtain control<\/a> of machines used for patients in critical care.<\/p>\n<blockquote><p>Recent reports have shown that healthcare organizations are being attacked at a high rate, with roughly <a href=\"http:\/\/www.latimes.com\/business\/technology\/la-fi-tn-study-epidemic-of-cyberattacks-have-compromised-healthcare-orgs-20140218,0,4761289.story#axzz2uNqY1K7F\">three hundred and seventy-five attacks<\/a> occurring within one year.<\/p><\/blockquote>\n<p>Researchers and healthcare leaders are looking for the root of this problem, and limited hospital data security appears a good place to lay blame.\u00a0 Many hospitals do not have upper-level information security personnel; most also spend <a href=\"https:\/\/advance.lexis.com\/GoToContentView?requestid=dae2179e-aaef-fd93-2591-1e365d8a49c8&amp;crid=184d0ddc-79c4-43c0-a512-f1893f05ffa0\">very small percentages<\/a> of their Information Technology budgets on security.\u00a0 As more healthcare organizations move toward storing their patients\u2019 information on the Internet increased security must be utilized, and many organizations have admitted to using \u201copenly exploitable [security options] (such as default admin passwords)\u201d as the only line of security for their patent information.\u00a0 Cyber criminals are readily exploiting these gaps in security.<br \/>\nTo add to the complications, \u201c[f]or many organizations governed by stringent regulations such as the Healthcare Insurance Portability and Accountability Act (HIPAA), compromises and breaches lead to massive fines.\u201d\u00a0 Healthcare organizations who have suffered a breach of security are likely to be liable for damages to the patients whose information is leaked.\u00a0 WellPoint, an insurer, paid nearly <a href=\"http:\/\/www.healthdatamanagement.com\/news\/mri-machine-a-hacking-conduit-47267-1.html\">two million dollars<\/a> in damages for leaked information in 2013, which WellPoint admitted was a mere \u201cfraction\u201d of the total costs incurred by the breach, including other costs for new investments.\u00a0 And the costs may be compounded when one factors in the fact that many healthcare organizations do not become aware of the security breach right away, if ever.\u00a0 Organizations were asked about their experience with cyber security breaches, and their responses indicated that \u201c[m]any of the organizations took months to detect their compromised positions or never did.\u201d<br \/>\nEven if compensation is paid to patients harmed by cyber attacks, the attacks are still likely to cost patients money in the long term.\u00a0 If healthcare organizations are forced to pay large settlement costs, those costs will be passed on to their consumers\u2014meaning higher cost of healthcare. \u201cWhile most consumers are shielded against ecommerce-related theft and fraud expenses, they are responsible for costs related to compromised medical insurance records and files &#8211; costs that reached $12 billion in 2013.\u201d<br \/>\nThe healthcare industry is <a href=\"http:\/\/www.healthdatamanagement.com\/news\/mri-machine-a-hacking-conduit-47267-1.html\">alarmingly far behind<\/a> in some aspects of information security.\u00a0 This has led to a strikingly high number of cyber stacks which have left the private information and even the safety of patients and clients in question, and which without effective measure may have larger and more chronic economic effects.\u00a0 Fortunately awareness of the issue is increasing, and the hope is that healthcare organizations will heed the warning.\u00a0 \u201cUntil they do that, the industry is going to struggle.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The medical industry has come under siege by hackers.\u00a0 Recent reports have shown that healthcare organizations are being attacked at a high rate, with roughly three hundred and seventy-five attacks occurring within one year.\u00a0 Several reasons have been postulated for the amount and severity of these attacks, which may have serious repercussions for patients and <a href=\"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/cyber-criminals-are-hitting-us-where-it-hurts-a-new-report-shows-that-healthcare-organizations-may-not-even-know-the-danger-exists\/\" class=\"more-link\">&#8230;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[51],"tags":[],"_links":{"self":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/2603"}],"collection":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/comments?post=2603"}],"version-history":[{"count":1,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/2603\/revisions"}],"predecessor-version":[{"id":7495,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/2603\/revisions\/7495"}],"wp:attachment":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media?parent=2603"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/categories?post=2603"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/tags?post=2603"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}