Hacking Away at Our Health

The idea of someone hacking into a medical clinic's database to steal medical records is disturbing. The idea of someone purposefully causing an epileptic to have a seizure is appalling. The idea that someone would hack an individual's pacemaker and cause them to have a heart attack is sickening. What type of person would do any of the above? We'll tell you: a depraved cybercriminal looking to turn a profit at the expense of the ill and infirm.

Sadly, two of the above situations have actually occurred, and cybersecurity professionals say that it's only a matter of time before a cyber crook hacks pacemakers, making the third an eventual reality.

A healthcare breach can have a disastrous effect not just on your medical practice, but on the lives of your patients. Let's take a closer look at how a cyber breach can critically disrupt healthcare systems.

Stolen medical records results in a lifetime of stolen identities.
In 2015, the healthcare industry ranked number one in data breaches. Dark Reading reports that "major cyberattacks on healthcare grew 63 percent in 2016." Why cybercriminals are going after the healthcare industry? Unlike credit card numbers that can easily be canceled, a patient's medical records contain information (like birthdates, SSNs and insurance numbers) that cannot be cancelled or replaced. A SSN is for life; a cyber crook can continually sell a SSN number and turn a profit for years. The monetary value of a stolen medical record far exceeds the trouble of cracking a network.

Epileptic patients go into seizures because a webpage was hacked to display flashing colors.
Back in 2008, epileptic patients visiting an epilepsy support message board were bombarded with flashing computer animation and colors in an effort to "trigger migraine headaches and seizures in some users." Wired reported at the time that hack was "possibly the first computer attack to inflict physical harm on the victims." Using JavaScript code to induce adverse physical trauma on the epilepsy website's users, the hacking collective Anonymous eventually took credit for the horrible attack. This wasn't done for money; the hacking collective targeted the website simply because they could.

If ransoms go unpaid, pacemakers can be short-circuited to cause heart attacks.
U.K. based researchers found that they could "transmit life-threatening signals to implanted medical devices with no prior knowledge of how the devices work," according to ComputerWorld. By reverse-engineering signals, the researchers learned that they could deplete the pace maker's battery life, steal the patient's private medical information and send the pacemaker into electrical shock, harming the patient. In mid-April the FDA warned the healthcare industry that there could be a wave of medical-device breaches.

In an interview with The Hill, vice president of IT risk management at Merck & Company, Terry Rice said that, "In just the last few years... we've seen more than a hundred million records of American citizens breached." If a patient is unable to pay ransom for their pacemaker, they could pay for it with their life.

No one is safe from the nefarious dealings of a cybercriminal. Protect your patients today when you sign up for a cyber insurance policy with CyberPolicy.

© 2016-2020 CyberPolicy, Inc. All rights reserved. CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CyberPolicy, Inc.
DBA: CyberPolicy Insurance Solutions CA License No. 0L13180
DBA: CoverHound Insurance Solutions CA License No. 0H52375