Health care facilities store the most private information imaginable, making them a valuable target for criminal hackers. In addition, possibly more than any other industry, it is vital for a hospital’s technology to always function properly. It’s a matter of life and death. This past month, a hospital in Hollywood was forced to pay $17,000 worth of bitcoin when hackers held its system for ransom. The hackers prevented the hospital staff from communicating with each other over the network or accessing any patient files. Staff were forced to use pen and paper to keep records, slowing patient care down tremendously.
The hacking of health care facilities and health care records has soared over the past year. According to NBC News, 1 in 3 Americans has had their medical information compromised. Unlike a credit card number, which can be changed, medical records stay with a patient forever.
After the information is stolen, it is advertised for sale on the “Dark Web,” where users can basically purchase a victim’s identity. They can then use this identity to order prescriptions, pay for treatments, and file false tax returns. While stolen credit card credentials cost $1-$3 on the Dark Web, a medical record can go for $60, making medical records extremely valuable to criminals.
NBC News tells the story of John Kuhn, who went to the hospital after a snowboarding accident and received an x-ray. Months later, the hospital sent him a bill for $20,000 for a surgery that he never had. He had to actually go to the hospital’s billing department and lift his shirt to prove that he didn’t have scars from the surgery. The hospital failed to keep his data safe, it ended up on the Dark Web, and someone had a surgery while pretending to be him.
As the threat of data breaches rises, healthcare facilities and companies must increase their security. It is the sole responsibility of the company to keep its patients’ data safe and secure.
HealthIT.gov lists the top 10 most important cybersecurity protocols for the healthcare industry as:
1. Establish a Security Culture - This means that everyone in the organization is responsible for maintaining security. All employees are properly trained in cybersecurity protocols.
2. Protect Mobile Devices - All devices that will be transported (phones, laptops, tablets) need to have strong access controls (passwords). Also, the data on these devices needs to be encrypted when transferred over public networks.
3. Maintain Good Computer Habits - Make sure employees aren’t downloading and installing unnecessary software as it could come with data-stealing viruses. When installing necessary software, be sure to carefully go through the installation options. Always update software and computer operating systems to the latest version for the best security.
4. Use a Firewall - A firewall protects systems from intrusions and threats from outside sources. A software firewall isn’t enough. Healthcare facilities need a hardware firewall that is installed and maintained by a professional.
5. Install and Maintain Anti-Virus Software - All devices need a proper antivirus that is continually updated to the latest version.
6. Plan for the Unexpected - This means backing up data. Use a continual, automated, off-site backup system such as Carbonite. Make sure employees know how to recover data should it become lost, stolen, or corrupted.
7. Control Access to Protected Information - Only certain individuals in an organization need access to certain information. An administrator can set these permissions so data does not fall into the wrong hands.
8. Use Strong Passwords and Change Them Regularly - Passwords need to be at least 8 characters long and they should use a combination of upper and lower case letters, numbers, and special characters. Passwords should be changed regularly.
9. Limit Network Access - Employees should not be able to install software and visitors should not be able to access the network casually.
10. Control Physical Access - Make sure that devices such as laptops, phones, USB drives, hard drives, servers, etc. can’t be removed from the places they need to be. Use locked doors and limit the number of keys available.