Healthcare is one of the most data-rich industries in the world, and the system has incredibly desirable data. Not only are names, addresses, phone numbers, social security numbers and every piece of information needed to steal a person’s identity in their records, but so is information that could lead to blackmail, fraud, or con games of many nefarious sorts.
The attacks that shut down many of Britain’s hospitals, including emergency rooms, was a perfect storm of ransomware using a hacking method it is believed was developed by the NSA as one of their “cyberweapons.”
The attacks began with a simple phishing email like the one Russian hackers used in the attacks on the Democratic National Committee and other targets last year. After spreading through the computer systems of the victims, their data was encrypted and access was denied, including to patient records in Britain.
The hackers then demanded ransom for the users to be let back in starting at $300 for individual computers and going up from there. It was unclear who was paying, but the attacks hit as many as 125 countries around the globe.
This highlights the vulnerability of many of the systems we rely on every day, healthcare being one of the primary ones. Denial of Service is just one part of the puzzle. However, imagine the centralized EHR system envisioned by the ACA, a central location where all of American’s medical records could be accessed. “Hackers and cyber criminals are no longer only after our credit cards to make a few purchases and ruin our finances,” Twila Brase, president and co-founder of Citizens’ Council for Health Freedom stated in 2015. “The intent of government actors is much more sinister, and advancing a national initiative to combine Americans’ private medical records into one unsecured system opens the door not only to standard criminals but also to those who are a potential threat to our national security.”
Imagine losing control of that, or a ransomware attack on such a silo of information. How much would it be worth to unlock it?
The healthcare system talks a lot about security and keeping patient records and information confidential. But how well are we doing?
Also published on Medium.