Over the past few years there’s been a push for hospitals and medical providers to make the move to digital. Experts have said that having electronic records would make both communication and record keeping easier. In 2016 that sort of makes sense.
But this move to digitize records has placed hospitals in a vulnerable position. They often don’t have the proper security to protect patients’ information from hackers.
Andrea Peterson, tech reporter at the Washington Post, says hackers target health care providers because medical records contain valuable information, like health insurance data that can be used for insurance fraud.
“They’ll usually have some access to some payment card information, and they’ll also typically have health insurance data,” Peterson says. “Which is actually more valuable on digital black markets than that traditional credit card data, because you can use it for this whole other different kind of fraud.”
She says that information is very lucrative for hackers, because insurance fraud is harder to trace than unauthorized credit card usage.
“You can use it to get access to medical services without actually having to pay for it,” Peterson says. “Or you can use it to buy expensive medical equipment, and usually it takes a lot longer for that kind of fraud to be caught than traditional financial fraud.”
Another threat is ransomware, malicious software that does exactly what it sounds like – steals data and holds it for ransom. Peterson says that this kind of hacking is becoming more commonplace.
“Once it gets into a network, it starts slowly encrypting everything that it can get its hands on,” Peterson says. “Then it will flash up this pop-up that’s like, ‘Hey, we have all of your stuff, if you don’t pay us x amount in a ransom – usually in some sort of hard to trace digital currently like bitcoin – you’re not going to get your data back.'”
Because hospitals need this data to operate, they often pay off the ransom in order to get their files back.
One kind of medical hacking that most directly impacts patients is the hacking of medical devices, like insulin pumps and pacemakers – devices that are actually implanted into patients.
“There’s been a lot of researchers that have shown that those don’t have very good security,” Peterson says. “In fact, just last year the FDA told hospitals basically to stop using this one particular drug pump because it had a bug in it that could potentially be used by a malicious actor, or to deliver, well, fatal doses of things. And the company had no plans to fix it.”
Listen to the full interview in the audio player above.