2017, Wannacry cyberattack shook the National Health Service of the UK, which infected more than 2,00,000 computers, putting a total number of 16 healthcare centres on halt that led to the cancellation of more than 19,000 appointments.
In 2019, a man by the name of Martin Gottesfield from Massachusetts launched a DDoS attack on Boston’s Children Hospital due to which the hospital lost a total amount of $300,000 in order to repair its computers.
These are just two cybersecurity attacks from a thousand ones which could be mentioned here, and at the time when this article is being typed, another cyber attack is taking place on some health institute in some part of the world.
As the healthcare industry evolved, it began to primarily rely on technology and digitalisation — even went entirely paperless in some parts of the world. On the one hand, the operating systems inside the healthcare institutes are becoming faster and less complicated, but on the other hand, it’s falling prey to cyber-attacks. But for every ‘anti’, there will always be a ‘pro.’ Thus came the role of cybersecurity to stand as a shield in front of healthcare institutes.
Healthcare institutions store large amounts of health data related to patients’ condition along with medical billing and insurance information, which are of high value in the black market and are often targeted by hackers. Some of the common kinds of attacks to keep an eye for are malware and ransomware, where hackers often shut down individuals’ devices and servers. Information stored on cloud storage can also become a weak spot without proper encryption. Another clever idea of attacking is the usage of websites and phishing attacks. Through the use of cybersecurity, several healthcare institutions and providers are educating members on how to protect data and devices along with cultivating a sense of security.
Despite the rise in threats, most of the hospitals are incapable of handling the attacks and often do not take these threats seriously. The data breach is not the only threat that lurks. The proliferation of connected medical devices such as pacemakers and insulins can also put the life of a patient at serious jeopardy. Not to mention, most of the attacks are the cause of negligence by inside staff who have access to the organisation’s EHR.
The attack on healthcare institutions can only be judged by numbers, i.e., the amount of money lost in the attacks. As per a survey by IBM, the healthcare industry had faced a loss of $6.45 million in the year 2019 alone. In the year 2015, more than 113 million records were stolen and out of which, 78.8 million were stolen in a single attack. The reason these attacks took place in the first place is the lack of cautiousness on the part of healthcare providers. In terms of security, the healthcare industry has always lagged while hackers went on to create sophisticated tools. Healthcare institutes have finally begun to ask for security from their machine providers to deal with the nuisance.
In the race between hackers and healthcare institutions, artificial intelligence (AI) is the ultimate weapon that has been chosen by both parties to attack and defend. Hackers are on the lookout to design attack vectors that can get passed cyber defence by leveraging AI and machine learning (ML). It is often noticed that advanced persistent threats (APTs) are found hiding in the networks for years and go unnoticed, collecting information years after years. In certain scenarios, offensive AI changes itself as per the environment and mimic specific actions to avoid human detection.
To counter such a wide variety of weaknesses, AI is at the forefront of defending. Advanced malware protection is put to use which inoculates the LAN and counters back to unrecognised behavioural patterns. Several health institutes are relying on IBM’s Watson platform that provides an AI system for routine security assessments, reducing response time in case of an attack and making an auto recommendation to deal with a specific kind of attack. Not just IBM Watson but Cisco too is on the forefront with several cybersecurity solutions such as security broker and cognitive threat analytics to list a few.
Moving on, cybersecurity was never a part of the hospital IT department. But in recent times, that has been changed as healthcare institutes are establishing a connection between security and IT departments to control and respond to any attack effectively. Most healthcare institutes are also developing a reliable security program based on official frameworks, notably the NIST framework for health information technology. Healthcare institutes are also taking recommendations from the Food and Drug Administration, along with following the HIPAA guidelines to ensure a safe and secure healthcare environment. In the fight against hackers, cybersecurity is on the rise with new findings to counter the attacks, but the war between the two entities will never come to an absolute end. However, one can further read about the regulatory challenges presently prominent with healthcare AI in current times.