Health records sell for thousands of dollars on the dark web, and are considered one of the most desirable types of illegal personal information. Healthcare organisations are often targeted for this reason, but a breach of cybersecurity measures can have other serious and far-reaching ramifications.
Criminals including human traffickers, forgers, and terrorist organisations can make use of any stolen data. Healthcare records include useful details such as patient hospital numbers, but they also give a unique insight into someone’s entire life: how vulnerable they are, whether they have carers at home, how independently mobile they are, whether they suffer with dementia, and much more. These specifics can be used to target individuals both electronically and physically. A cognitively impaired person could be more likely to fall victim to a phishing scam, especially if they don’t have regular contact with family or carers. Likewise, someone with an interest in complementary therapies may be more likely to follow a link purporting to offer acupuncture sessions. Hospital appointment letters or remote monitoring systems could inadvertently provide cybercriminals with a schedule for the times a property is unoccupied.
The devastating impact of ransomware attacks on patient care should not be underestimated. Aside from diverting technical support away from clinical software issues, interference with electronic clinical systems can harm patients through the automated processes that depend on them. Examples include failed communication between ambulances conveying patients to hospital, interrupted temperature regulation of medication fridges, malfunctions of MRI scanning equipment, and errors made by electronic assistants used during surgery.
Protecting healthcare systems from cybercrime is an involved and demanding job. Here are some top tips for any budding technology developers:
Specific systems designed for clinical purposes with integral security measures are generally considered the ‘gold standard’ in this field.
All methods used for telehealth need to be developed in line with strict regulatory rules regarding data confidentiality, whilst also being user-friendly enough for an unwell person to access help quickly.
End-to-end encryption or a similar protection measure is essential for telehealth.
Backups to a separately hosted cloud system may be illegally accessed if there are any chinks in its virtual armour, particularly if third-party vendors are used.
Systems should not sync with other devices: some healthcare professionals have reported confidential information appearing on their smart TVs at home.
The human element of managing cybersecurity is extremely important. Staff and patients should be regularly educated in identifying cyber attacks, suspicious emails, and dangerous websites. They should keep all their devices updated to the latest operating systems, and use randomly generated unique passwords. Multi-factor authentication (using 2 or more unique identifiers) is an important tool in the fight against cybercrime.
There’s far more than data privacy at stake when it comes to telehealth cybersecurity. Both professionals and patients need to make it as difficult as possible for criminals to open the virtual front door to healthcare organisations, in order to protect every aspect of patients’ lives.