We all know healthcare is an industry in transition. Providers are shifting in large numbers from vast-millennium information architectures of files and fax machines to modern, digital systems that are effectively secured — at least in theory.
I say “in theory” because in some cases, it seems security has actually gotten worse, not better. Why? There are many reasons — but a big one involves the rise of smart medical devices.
Just as consumers have shifted from landlines to smartphones, healthcare providers have started using smart, networked medical devices to improve clinician decision making, patient treatment methods and organizational performance. Think wearable technology that performs basic functions like heart rate tracking and diabetic risk assessment.
And that’s just a start. Smart sensors in general, 3D printing to create new devices on demand and custom apps for mobile platforms are playing a larger and larger role in healthcare delivery models. Collectively, they aggregate critical information, making it easier for medical professionals to understand patients’ context and then take swift and informed action on their behalf.
Healthcare Is Hackers’ #1 Target
But what happens when this kind of smart technology is hacked? Nothing good, that’s for sure. And Forrester says healthcare is more than just a major target for criminal organizations and hackers — it’s #1.
Let’s take a look at how and why that threat is playing out in the real world:
- In February, Hollywood Presbyterian Medical Center ponied up more than $17k in Bitcoins to hackers who had encrypted patient medical files. Unfortunately, this kind of ransom-driven hack is on the rise.
- Devices like insulin pumps and pacemakers are open to the same kind of threat on a personal scale — just imagine being the owner of an IP-capable pacemaker that gets hacked. The FBI says the typical ransom runs anywhere from $200 to $10k in such situations.
- Healthcare pros, like most professionals, are increasingly leaning on mobile devices like smartphones and tablets to perform job roles. But in healthcare, the security shortfalls of such devices are unusually daunting. The premise of a single Android security breach translating into fifty people on a hospital floor getting the wrong meds is not only plausible, it’s realistic.
All of this helps explain why Experian’s 2015 Annual Data Breach Report suggests a staggering $5.6 billion annual potential cost of security failures in the healthcare industry going forward. If you find that number scary, you’re not alone.
Moving toward a proactive strategy
The FDA is just as scared — that’s why it’s started releasing regular guidlines on how best to protect against cyber threats of this sort. But that guidance is mainly meant for organizations that create medical technology — manufacturers — not those who use it, like hospitals.
If your healthcare organization is interested in hearing from a skilled managed services provider with an extensive background in security, consider Platte River Networks. We partner with leading security solutions providers like Fortinet. And we take the possibility of cyber threats in the medical device space very seriously. That means we can help you develop and implement a custom strategy to minimize both the odds of a breach and the impact if one should occur.