Healthcare data breaches continue to rise
Whilst an overwhelming amount of data breaches occur due to human error – like sending an email to the wrong recipient, or failing to hide multiple recipients’ identities from each other – ransomware of healthcare records are on a rapid climb.
In a report conducted by the Breach Industry Forecast, patient data is one of the most valuable types of information to cyber criminals. Hospitals and other healthcare organisations usually keep masses of patient data in digital databases, and these are far from secure it seems.
Pay up or else…
Ransomware attacks attempt to gain access to patient medical records and if successful will alert the healthcare organisations that their files are now locked and threaten to shut their systems down, delete data, or compromise patient details unless a ransom is paid.
As the nature of the information is sensitive and highly important, doctors may not have time to negotiate with anonymous criminals. With lives at stake, hospitals may often pay the ransom.
Criminals withholding information to exploit for money is a tricky situation. On the one hand you don’t know if they will destroy the information or keep asking for money even after you pay them, and on the other – if you require the information imminently – do you really have time to not comply with their demands?
Stolen records
Healthcare data is highly valuable to cyber-criminals as they can easily sell the data on the dark web or use it to try and compromise further information. From there, unauthorised holders of the data could use the information for identity theft and fraud. Criminals can impersonate the data owner themselves in order to gain access to more information. They can contact the data owner, posing as a service provider, and perhaps quote the information to ‘verify’ who they are.
As an example, criminals could call an innocent patient stating that they are from the hospital’s financial services team and that the last payment for a prescription didn’t go through. The criminal could persuade the patient into thinking they are legitimate by confirming their address, date of birth, and in some cases the medical condition they have, or even recent hospital visits.
Digital records and the risk to the healthcare industry
The dangers of data breaches is further fuelled by the need to digitalise reports. In this ever-growing technological world, everything is becoming digitalised. Society relies on information and needs it quickly. Today, it’s unacceptable for a doctor to delay treating an unconscious patient because they weren’t sure the patient was allergic to a type of medication or not. Immediate access to records at the touch of a button should mean no delays.
Needless to say, this all comes at a price. Whilst hospitals need to make a quick decision to pay when healthcare records are being held to ransom, it seems like it’s only a matter of time before it happens again. Hospitals don’t have an endless supply of money to keep paying these ransoms off. That money is supposed to be used for patient care; for every £1 million spent on paying a ransom to release life-saving documents, that’s £1 million that should have funded our national health service.
If hospitals are to enter the digital world to take advantage of speedy access to data, they need to take responsibility for protecting their patient’s data.