Following the ransomware cyber attacks on the NHS last week, the public has been reminded of the challenges to security that come with increased use of wireless devices and electronic medical records.
Given the nature of cyber-attacks, there are two large demographics that are most vulnerable: children and older adults.
However, although a nine year old and a 90 year old can click a comprised link just as easily as anyone else, the latter is more likely to be receiving medical care from a networked facility.
Due to lax encryption and access control mechanisms, it is possible that hackers could take advantage of elderly patients’ ignorance of modern online security practices to compromise IT infrastructure in large healthcare organisations.
This puts every participating party, including insurance providers, hospitals, surgery centres, clinics, doctors, and patients, at risk.
Even more alarming is the fact that in many cases, online security breaches go unreported.
Healthcare data can be very lucrative to cybercriminals, as it contains a large concentration of sensitive data including patient’s medications, medical history, social security number, and insurance provider, all of which can be resold on the black market.
Hospitals cannot afford to have their systems down for too long because lives are at stake.
Therefore, instead of risking a publicity nightmare, they are more likely to concede to attackers.
Worse still, effective healthcare data security can be particularly difficult to implement because healthcare institutions hold on to legacy pieces of software that may contain security vulnerabilities that are no longer monitored or updated.
To maintain the security and privacy of their patients’ information, it is imperative that healthcare institutions are proactive about assessing the risk of security breaches and teach their staff proper online security practices.
This can be considered the digital analogue to the proper hygiene rules initiated to control biological infections.
Electronic systems should be monitored to detect any breach, and there should be a protocol in place to mitigate attacks.
Innovations such as blockchain technology, which enables a decentralised storage of data and can manage permissioned access of sensitive information among diverse entities, can significantly reduce the massive attack vector in current centralised data repositories.
With proper proactive protection in place, future cyberattacks on the healthcare system will hopefully fail.