{"id":23055,"date":"2017-06-02T04:53:44","date_gmt":"2017-06-02T04:53:44","guid":{"rendered":"https:\/\/www.sisinternational.com\/?p=23055"},"modified":"2026-01-27T16:52:19","modified_gmt":"2026-01-27T21:52:19","slug":"seguridad-cibernetica-atencion-medica","status":"publish","type":"post","link":"https:\/\/www.sisinternational.com\/es\/seguridad-cibernetica-atencion-medica\/","title":{"rendered":"Investigaci\u00f3n de mercado de ciberseguridad en el sector sanitario"},"content":{"rendered":"\n
\"SIS<\/figure>\n\n\n\n

<\/p>\n\n\n\n

A Different Virus Altogether<\/h2>\n\n\n\n

A brief overview of the ongoing battle to stem the tide of cyber-incursion in the healthcare sector.<\/span><\/h3>\n\n\n\n

<\/p>\n\n\n\n

In addition to subversive hacking in the business world, where private information can be compromised and sensitive company data absconded with, cybersecurity measures are now employed to negate the effects of hacking by foreign entities, used a political weapon. It is an increasingly serious global problem, and one that has necessitated the implementation of advanced cybersecurity methodologies to counteract the increasingly sophisticated capabilities of hackers to subvert these very systems.<\/p>\n\n\n\n

\u201cIn recent years, cybersecurity has been a growing concern in healthcare, with high-profile cyber-attacks and vulnerabilities causing disruptions for insurers, hospitals, and medical device makers. The stakes for patients are high too as patient data could be lost or tampered with, hospital services interrupted, or patients harmed through attacks targeting specific devices \u2026 \u201c 1<\/span><\/p>\n\n\n\n

Government Intervention to Fight Cybercrime<\/h2>\n\n\n\n

The rapid digitization of the healthcare industry makes this sector<\/a> particularly vulnerable to cyber attack, and this fact has not been lost on the US Congress.\u00a0 The House Energy and Commerce Committee recently convened to address cybersecurity in the health sector. Information Sharing and Analysis Centers (ISACS) may be key in providing enhanced security for healthcare providers and in thwarting efforts of would-be cyber attackers.<\/p>\n\n\n\n

Through the interactive efforts of the 24 organizations that comprise the National Council of ISACs (NCI), great efforts are being made to \u201cmaximize information flow across the private sector critical infrastructures and with government. Critical infrastructure sectors and subsectors that do not have ISACs are invited to contact the NCI to learn how they can participate in NCI activities.\u201d2<\/span><\/p>\n\n\n\n

It is, of course, a Herculean undertaking to strengthen the partnership between public and private entities in healthcare with regard to cybersecurity, considering the myriad industries and agencies of government that are responsible for regulating and delivering said healthcare. Congress has been encouraged to provide tax breaks and other incentives to prompt companies to get involved with the ongoing effort of ISACs.<\/p>\n\n\n\n

Poor Participation Impedes Cyber Security Implementation<\/h2>\n\n\n\n

Unfortunately, poor participation rates among healthcare facilities have been a persistent problem in the ongoing efforts to implement effective cybersecurity measures across the sector. According to Terry Rice, vice president of IT risk management and chief information security officer<\/a> at Merck, \u201ccompanies may be hesitant to share information within an ISAC if they fear the information will not remain confidential to its members.\u201d3<\/span><\/p>\n\n\n\n

\u201cI think the most shocking statistic was really the fact that 40% of the individuals at the top of an organization\u2013executives like CEOs and CIOs, and even board members\u2013didn\u2019t feel personally responsible for cybersecurity or protecting the customer data.\u201d   Dave Damato, Chief Security Officer at Tanium, on CNBC\u2019s Squawk Box<\/a>, speaking about cybersecurity in the healthcare industry 13<\/p>\n\n\n\n

The High Cost of Cybercrime in Healthcare<\/h2>\n\n\n\n
\"SIS<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Aside from the obvious threat of compromised patient information and other incidents of data theft, failures of cybersecurity are incredibly expensive, to the tune of $6.2 billion annually, according to a 2016 research project conducted by the Poneman Institute<\/a>. Insights revealed in their studies<\/a> revealed that \u201cnearly 90 percent of the healthcare organizations \u2026 had endured a data breach during the previous two years. Forty-five percent had more than five data breaches in that period, with the average cost of a cyber attack totaling $2.2 million. The data contained in electronic health records (EHRs) is often cited as the reason healthcare is such an attractive target in the eyes of a hacker.\u201d4<\/span><\/p>\n\n\n\n

As secure as people like to believe their health information is in the possession of their doctor\u2019s office or hospital, it is often not the case. The ongoing digitization of health records has been an expensive proposition for the healthcare industry. Securing all that information is another monumental expense, and sometimes this part of the cybersecurity equation has been neglected in the interest of cost-savings, or just by the large-scale nature of the overall endeavor.<\/p>\n\n\n\n

The Lucrative Nature of Cyber Theft in Healthcare<\/h2>\n\n\n\n

Of course, health records are a hot commodity on the black market<\/a>, and they can fetch top dollar from parties seeking to obtain personal information, billing addresses, and credit card numbers. Hacking can be a very lucrative enterprise, indeed. Consider this example. \u201cHackers made off with more than 2.2 million patient records from Fort Myers, Florida-based 21st Century Oncology in March of 2016. A month later, someone stole a laptop with 205,748 unsecured patient records on it from Premier Healthcare, LLC.\u201d 5<\/span><\/p>\n\n\n\n

The Advent of Ransomware<\/h2>\n\n\n\n

Ransomware is a new term for most people, becoming familiar with the recent WannaCry attacks unleashed globally, crippling critical infrastructure systems and eliciting significant financial ransom from those who fell prey to the anxiety and potential loss of data characteristic of such attacks. The healthcare industry in particular is vulnerable to ransomware incursions.<\/p>\n\n\n\n

\u201cHospitals are the perfect mark for this kind of extortion because they provide critical care and rely on up-to-date information from patient records. Without quick access to drug histories, surgery directives and other information, patient care can get delayed or halted, which makes hospitals more likely to pay a ransom rather than risk delays that could result in death and lawsuits.\u201d 6<\/span><\/p>\n\n\n\n

Ransomware malware, in effect, locks up a computer and makes data inaccessible unless a ransom is paid to the perpetrator. Usually, this payment is made in the form of Bitcoin. In most instances, a time limit is established for the ransom to be paid, otherwise the computers data will be destroyed. Though most stricken parties don\u2019t pay the ransom, enough do to make it a particularly lucrative criminal enterprise.<\/p>\n\n\n\n

The healthcare industry has been vulnerable to ransomware attacks because, surprisingly, many hospitals have taken inadequate steps to prevent cybersecurity breeches. Instead, most hospitals have focused their primary concern on meeting HIPAA compliance and meeting federal guidelines to ensure the security of patient information. Ultimately, most employees in healthcare are simply not trained well<\/a> enough to recognize and thwart cyber attacks before they occur. Even when adequate training and cybersecurity measures are in place, it is a continuous challenge to outwit perpetrators who constantly remain one step ahead of the game.<\/p>\n\n\n\n

IoT Devices Are At Risk As Well<\/h2>\n\n\n\n

To add a layer of seriousness to the present situation, cyber attacks can affect not only computers, but devices that are connected to them, as well. Medical tools, heart and glucose monitors are but a few examples of devices vulnerable to cyber attack. Vice-President Dick Cheney famously demanded that his pacemaker be made safe from cyber attack, lest those with ill-intent not manipulate the function of his device remotely. Quite frankly, interference with such devices can be deadly for the patients who depend on them to live.<\/p>\n\n\n\n

As an example of medical hacking, \u201cIn one currently used exploit, known as MedJack, attackers inject malware into medical devices to then fan out across a network. The medical data discovered in these types of attacks can be used for tax fraud or identity theft, and can even be used to track active drug prescriptions, enabling hackers to order medication online to then sell on the dark web.\u201d 7<\/span><\/p>\n\n\n\n

\u201cNo patients have, as far as I know, been killed due to a hacked pacemaker, but patients have\u00a0been killed\u00a0due to malfunction[s] of their medical devices, configuration errors, and software bugs. This means that security research in the form of pre-emptive hacking, followed by coordinated vulnerability disclosure and vendor fixes, can help save human lives.<\/em>\u201d \u00a0Marie Moe, Security Researcher with SINTEF, in “Go Ahead, Hackers. Break My Heart<\/a>” (Wired)13<\/p>\n\n\n\n

The FCC has now suggested that IoT suppliers of medical devices build-in security measure into the products they manufacture; the key word there being suggested. Actually instigating mandatory security practices and requirements for those manufacturers is a time-consuming effort. In addition, networks assigned to relay data between devices and databases also have a critical need for cyber security implementation and monitoring.<\/p>\n\n\n\n

A New President, A New Order<\/h2>\n\n\n\n

There was much speculation as to how the Trump administration would address issues of cybersecurity. On May 11, 2017, the president signed an executive order that mandated a review of the nation\u2019s overall abilities to combat criminal cyber-activity. The order places the brunt of responsibility concerning cybersecurity on federal agencies which were to do risk assessments and turn in their respective reports within 90 days. Additional reports examining critical infrastructure risks were due six months after the president\u2019s order was issued.<\/p>\n\n\n\n

\u201cThe order calls for a review of the threat posed by botnets, which target websites with automatically-generated spam traffic. The Mirai botnet<\/a> was responsible for significant internet outages last year. But Access Now says the order should also address the government\u2019s process for vulnerability disclosure and its response to data breaches.\u201d<\/p>\n\n\n\n

There is no overall preventative measure or measure that can eliminate the risk of cyber attacks. Rather, hospitals, clinics, and private practices can only hope to work together and manage the continuous risks in the interest of protecting the private information and the general safety of their patients. Concurrently, continuous technological advancements will hopefully address the vulnerability of medical devices and computer networks.<\/p>\n\n\n\n

This effort to curb the potentially disastrous effects of cybercrime in the health sector and beyond extends far beyond the United States. A global effort is currently underway to stem the tide of cyber attacks worldwide, or to at least minimize the impact of what seems to be a never-ending effort on behalf of cyber-criminals to infiltrate healthcare systems and to wreak havoc and extort wherever possible, to whatever nefarious ends.<\/p>\n\n\n\n

Political Motivations for Cyber Attacks<\/h2>\n\n\n\n
\"SIS<\/figure>\n\n\n\n

<\/p>\n\n\n\n

With the hostile political climate that exists between North Korea and virtually every other country in the civilized world, it is not surprising that the rogue nation has been cited as a probably offender in the recent WannaCry ransomware attacks, and other ill-willed endeavors undertaken for political reasons and for the purposes of financial extortion.<\/p>\n\n\n\n

\u201cCyber security researchers have found technical clues they said could link North Korea with the global WannaCry “ransomware” cyber attack that \u2026 infected more than 300,000 machines in 150 countries<\/a>. Symantec and Kaspersky Lab said \u2026  some code in an earlier version of the WannaCry software <\/a>had also appeared in programs used by the Lazarus Group, which researchers from many companies have identified as a North Korea-run hacking operation.\u201d 10<\/span><\/p>\n\n\n\n

Not all experts believe the WannaCry ransomware attack was motivated by financial reasons. Some, like Matthew Hickey of the British cyber consultants, Hacker House, believe that the perpetrators hoped simply to \u201ccause as much damage as possible.\u201d This was certainly the case in the countries which were most affected by the attack, including, India, Taiwan, Ukraine and Russia.<\/p>\n\n\n\n

Some, like Russian leader, Vladimir Putin, blamed the NSA for what he claimed was their role in the WannaCry ransomware attacks. WannaCry technology is thought to be \u201cbased on a leaked tool taking advantage of a security flaw in Windows that appears to originate with the NSA. “We are fully aware that the genies, in particular, those created by secret services, may harm their own authors and creators, should they be let out of the bottle,” said Putin in Beijing, according to the Russian state-owned news service, Tass<\/a>.\u201d 11<\/span><\/p>\n\n\n\n

\u201cThis next president is going to inherit the most sophisticated and persistent cyber espionage cultures the world has ever seen, He needs to surround himself with experts that can expedite the allocation of potent layers of next-generation defenses around our targeted critical infrastructure silos.\u201d\u00a0 James Scott, Senior Fellow, Institute for Critical Infrastructure Technology 14<\/span><\/p>\n\n\n\n

Trends in Fighting Cyber-Incursion in the Health Sector<\/h2>\n\n\n\n

Obviously, the threat of cybersecurity breaches across all sectors of business and industry will not abate. In healthcare, there will be an ongoing and incessant need to improve technology and overall vigilance to avoid disastrous incidents in the future. Certain protective trends are emerging that might be seen as the future of cybercrime deterrence in healthcare.<\/p>\n\n\n\n

At the top of the list is an increasing migration to cloud-based information security tools. This move \u201cwill allow the tools to be updated more dynamically to address zero-day type malware.\u00a0 This move to the cloud should ultimately make it more economical to make these tools available to all healthcare providers \u2013 large and small.\u201d 12<\/span><\/p>\n\n\n\n

In addition, the healthcare industry will be forced to encourage increased information sharing and collaboration across health networks and between facilities. This mutual cybersecurity effort will be difficult to instigate as health institutions are often quite insular by nature. It is predicted that this sharing of information will reach beyond healthcare to include many sectors of business and institutional endeavors to minimize risks for all involved.<\/p>\n\n\n\n

Ultimately, the effort to negate the dangers of cybersecurity breaches, ransomware, and new and emerging threats in this arena will come down to education and awareness on all employee levels in healthcare and beyond. When everyone is well-educated and made to see warning signs of cyber-risks and what they can do to be part of an overarching effort to stem the tide of cyber-incursion, the healthcare industry and all protectors of civilized information sharing around the globe will continue to make meaningful strides towards limiting the damaging effects of cybercrime in all sectors.<\/p>\n\n\n\n

AI-Driven Website Security: WP Safe Zone for Healthcare<\/h2>\n\n\n\n

In the healthcare sector, where sensitive patient data is a prime target for cyberattacks, robust website security<\/a> is critical. The rise of AI in cybersecurity is providing powerful solutions to combat these threats. One standout example is the WP Safe Zone plugin, tailored for WordPress websites.<\/p>\n\n\n\n

WP Safe Zone utilizes artificial intelligence<\/a> to protect websites from malware, brute force attacks, and unauthorized access. Its AI algorithms constantly monitor and adapt to emerging threats, ensuring real-time protection for healthcare organizations\u2019 online platforms.<\/p>\n\n\n\n

As cyber risks in healthcare continue to grow, tools like WP Safe Zone demonstrate how AI can safeguard critical systems, ensuring both data security and compliance with strict regulations.<\/p>\n\n\n\n

We Can Assist In Your Cyber Security Effort<\/h2>\n\n\n\n

SIS International Research has spent decades interacting with the healthcare<\/a> industry on many levels, from free-standing family practices, to multi-tiered and monolithic health networks. Our singular understanding of the challenges faced by businesses and institutions in the healthcare sector are unparalleled. We provide research and intelligence<\/a> on stakeholders[\/fusion_text][fusion_text]<\/p>\n\n\n\n

Our solutions include:<\/p>\n\n\n\n

Today, with the added complexity of the threat imposed by increasing cyber-criminality aimed at our most revered healthcare institutions and the patients they serve, we consider our role with the highest degree of seriousness. As a company that prides itself in comprehending the importance and the multi-faceted nature of the healthcare industry, we will continue to serve health-related practices, facilities, and organizations with the same high-quality and comprehensive research capabilities our clients have come to expect and demand<\/a>. In this way, we hope to do our part in helping the medical community understand and combat the very real and serious threat of cyber attacks in the healthcare sector.<\/p>\n\n\n\n

The following resources were used in the compilation of this research:<\/p>\n\n\n\n