As part of the study, three qualified radiologists analysed real photographs of the lungs which were modified by the program. In 99% of cases, when examining these images, doctors discovered malignant neoplasms. Besides, when the program removed real cancerous nodules, the same specialists said that the lungs were fine in 94% of cases.
After the doctors were given a different set of pictures and informed that half of them were fake, the proportion of erroneous diagnoses decreased, but not significantly. In 60% of cases, radiologists found cancer in healthy patients, and in 87% of cases they could not identify this deadly disease in real patients.
The malware has to be planted inside the hospital's local network, which is often isolated from the Internet, but the experiment participants managed to do this without considerable effort. In the evening, one of them went to the radiology department of the hospital and within 30 seconds had infected the device with the virus; during this time, no staff member detected the breach.
Cybercriminals can therefore use such attacks to damage the reputation of a medical institution or to actually control the fate of a particular patient, for example by preventing a person with the disease from receiving critical care.
Having said that, let's enumerate the points to consider when talking about security in healthcare:
- Electronic health records and individual medical devices are all subject to attacks;
- The healthcare industry is particularly vulnerable for a number of reasons: no significant investment in cybersecurity, serious vulnerabilities in existing technology, and the human factor, that is, staff behavior;
- Breaches usually result in hundreds of stolen health records and may even paralyze the work of the whole structure.
So what are the strategies for improving cybersecurity? Professionals from HealthIT.gov suggest implementing the following practices:
- Start by establishing a security culture.
It's all about education. Organize cybersecurity training for employees so that every member of the organization is aware of how to properly protect patient data.
- Protected mobility
Just like in any other domain, healthcare professionals use mobile devices at work. A variety of protective measures, such as encryption, ensure that any information on these devices is secure.
- Firewall and antivirus software
Although it goes without saying, any device connected to the Internet has to be protected by a firewall and continuously updated antivirus software. It's worth noting that criminals may go as far as to penetrate connected medical devices such as ventilators, X-ray and MRI machines, medical lasers and even electric wheelchairs.
- Control over protected information
Provide access to protected information only to those employees who need it for their tasks. The staff has to be familiar with common attack patterns within the healthcare industry. It is also a good habit to use two-factor authentication for systems and other applications.
- Backed up files
The ancient Romans said that if one wants peace, it's better to prepare for war. So, whatever breach may (or may not) happen, any important files should be backed up on a regular basis. This way, data can be restored without delay. It also makes perfect sense to back up this information away from the central system.
- Update (and regularly change) passwords
The Verizon report claims that about 63% of confirmed data breaches happened due to default, weak or stolen passwords. Thus, healthcare professionals should use sophisticated passwords and update them frequently.
- Install software carefully
No software, application or addition to existing systems should be installed without prior consent from the IT department or higher authorities.
Given all these facts and statistics, cybersecurity has to be an integral part of the patient care pathway in any medical institution. After all, it's all about human lives. And I don't exaggerate: some of the attacks are deadly. The ransomware attack on MedStar Health, a large Maryland-based healthcare system, serves as a "perfect" illustration. This case made national headlines when it became clear that it had threatened patients' lives. Therefore, the healthcare industry has no choice but to improve its security capabilities.