Cyber security in the healthcare sector is essential to protecting personal data. More broadly, the same risk applies to the business world in general. According to Gartner’s estimates, cyber attacks could cause companies $5.2 trillion in additional costs and lost revenue over the next five years. Could high economic losses and a growing number of cyber attacks also threaten human health? Can the technologies that make life easier in the healthcare industry be used as weapons?
Cybersecurity is a growing concern in the healthcare industry. According to an article in JAMA Internal Medicine, hackers seized the information of 133.8 million patients between 2009 and 2017. Additionally, the American healthcare system lost $6.2 billion in 2016 due to data leaks. Another important point is that in 2016, 4 out of every 5 doctors were exposed to a cyber attack (2).
Some experts may underestimate the cybersecurity risks of medical devices. However, in recent years the FDA has stated that Medtronic MiniMed insulin pumps may carry cybersecurity risks, and it recommended that patients replace at-risk devices. An attack on such a device could even cause the patient to go into hypoglycemia or hyperglycemia (3). Following the detection of the security vulnerability, the FDA issued a call to patients: it recommended that they keep insulin pumps and connected devices under their control at all times, and warned them not to share the pump serial number and not to use unauthorized software (4).
Medical Records Carry Cyber Risk

Cyber attacks targeting the healthcare sector do not always result in serious consequences such as death or injury. As in the WannaCry attack, hospital databases can be targeted for their sensitive medical records. For example, according to the UK Ministry of Health, 19,000 appointments were canceled in healthcare institutions affected by the WannaCry attack. So even though these attacks did not directly threaten human health, they harmed healthcare services. According to BBC News, the computer systems of many hospitals crashed after this global attack. Moreover, in some hospitals surgeries could not be performed and patients could not be admitted except for emergencies. In total, WannaCry affected thousands of computers in 99 countries, including Türkiye. The attack used ransomware: money was demanded from institutions in exchange for returning their files.
The Health Industry Cybersecurity Practices report published by the U.S. Department of Health and Human Services (HHS) describes a 2016 cyber attack on a hospital in which all of the hospital’s computer systems were frozen and a ransom was demanded. According to the report, the attack left the computer systems unusable, and the hospital had to keep patient records and data using paper and pencil. Although authorities attempted to restore the systems, $17,000 had to be paid to regain full control (7).
So, what precautions should the healthcare sector and policymakers take against cyber threats that pose a significant risk for the sector? According to HHS, there are specific issues that need to be addressed against the risks of future cyber attacks.
Areas to Pay Attention to
- Email security systems
- Endpoint protection systems
- Access policies and practices
- Data protection and prevention of data loss
- Asset (inventory) management
- Network management
- Vulnerability management
- Incident response
- Medical device security
- Cybersecurity policies
According to experts, it is not possible to completely eliminate cyber security risk with pre-market controls. However, they state that safety behaviors and risk assessments need to be carried out in the healthcare sector, and they emphasize the need to develop “post-event plans” (9). It should also be underlined that most of the reported data leaks or losses are “human” based. In this context, “awareness” stands out as one of the most basic components of a holistic cyber security policy. Because the biggest losses from cyber attacks generally occur due to a lack of awareness or resources, human-centered cyber security policies and efforts to build cyber security awareness constitute an important part of cyber security work in the healthcare sector.
Resources:
1. Information Age, “The true cost of cybercrime? $5.2 trillion apparently”, Link: https://www.information-age.com/cost-cybercrime-123478352/
2. Fierce Health Care, “Theft and disclosures account for most healthcare data breaches. But hackers took 3 times as many records”, Link: https://www.fiercehealthcare.com/tech/healthcare-data-breaches-jama-hhs-hacking-theft-unauthorized-disclosure-phi
3. FDA, “Certain Medtronic MiniMed Insulin Pumps Have Potential Cybersecurity Risks: FDA Safety Communication”, Link: https://www.fda.gov/medical-devices/safety-communications/certain-medtronic-minimed-insulin-pumps-have-potential-cybersecurity-risks-fda-safety-communication
4. Zak Doffman, “FDA Warns Of Dangerous Cybersecurity Hacking Risk With Connected Medical Devices”, Forbes, Link: https://www.forbes.com/sites/zakdoffman/2019/06/28/fda-issues-cybersecurity-warning-over-hacking-risk-for-connected-medical-devices/#5ea1c962561d
5. The Telegraph, “WannaCry cyber attack cost the NHS £92m as 19,000 appointments cancelled”, Link: https://www.telegraph.co.uk/technology/2018/10/11/wannacry-cyber-attack-cost-nhs-92m-19000-appointments-cancelled/
6. BBC News, “Fidye yazılımı ‘WannaCry’ Türkiye dahil 99 ülkede binlerce bilgisayarı etkiledi”, Link: https://www.bbc.com/turkce/39899848
7. Department of Health and Human Services, “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients”, Link: https://www.phe.gov/Preparedness/planning/405d/Documents/HICP-Main-508.pdf
8. Eli Richman, “Ransomware, phishing attacks top new HHS list of cyberthreats in healthcare”, Link: https://www.fiercehealthcare.com/tech/ransomware-phishing-attacks-top-hhs-list-cyberthreats-for-healthcare
9. İ. Hamit Hancı, Hilal Tokgöz İshak Yapar, “Tibbi Sistemleri Ve Cihazları Hedef Alan Siber Saldırılar”, Adli Bilimler Dergisi, 2018, Link: https://www.medikalakademi.com.tr/?get_group_doc=22/1529524068-Tibbi-cihaz-siber-saldiri.pdf