Physicians cannot cure this hospital virus


Recently, the WannaCry ransomware made the headline news when it encrypted computer files of the UK's National Health Service. The ware then blackmailed the owners to pay a fee in bitcoin, a digital currency.

Several hospitals were forced to shut down their entire IT systems and suspend certain services. As a result, the general public has been reminded of the challenges to security and privacy that come with the rising prevalence of wireless devices and electronic health records.

Given the nature of cyber-attacks, children and elderly demographics are most vulnerable. While other demographics are as likely to click a comprised link, the elderly are more likely to be receiving medical care from a networked facility. Therefore, due to lax encryption and access control mechanisms, it is possible that hackers could take advantage of elderly patients’ ignorance of modern online security practices to compromise IT infrastructure in large healthcare organisations. This puts every participating party, including insurance providers, hospitals, surgery centres, clinics, doctors, and patients at risk. In many cases, online security breaches go unreported or unknown by the general public.

Healthcare data can be very lucrative to cybercriminals, as it contains a large concentration of sensitive data including patient’s medications, medical history, social security number, and insurance provider. All of these can be resold on the black market. In addition, hospitals cannot afford to have their systems down for too long because lives are at stake. Therefore, instead of risking a publicity nightmare, they are more likely to concede to attackers. In addition, effective healthcare data security can be particularly difficult to implement because healthcare institutions hold on to legacy pieces of software that may contain security vulnerabilities that are no longer monitored or updated.

To maintain the security and privacy of their patients’ information, it is imperative that healthcare institutions are proactive about assessing the risk of security breaches and teach their staff proper online security practices. This can be considered the digital analogue to the proper hygiene rules initiated to control biological infections. 

Electronic systems should be monitored to detect any breach and there should be a protocol in place to mitigate attacks. Innovations such as blockchain technology, which enables a decentralised storage of data and can manage permissioned access of sensitive information among diverse entities, can significantly reduce the massive attack vector in current centralised data repositories. With proper proactive protection in place, future cyberattacks on the healthcare system will hopefully fail.

For more strategic insight into medical trends, take a look at GlobalData's latest reports.