From the depths of the dark web to privacy concerns stemming from the government’s response to the opioid crisis, it was a busy year.
Ransomware. Baked-in vulnerabilities. Ad fraud. Unbridled access to sensitive databases.
The cybersecurity threats and privacy concerns facing healthcare are as diverse as they are consequential. Throughout 2017, Healthcare Analytics News™ covered a disconcerting number of data breaches, ransomware attacks, and other incidents, underlining the need for a greater focus on cybersecurity by all healthcare organizations. (Read more on the past year’s most damaging attacks and the lessons left in their wake here.)
But much of our coverage poked beyond the obvious issues, shining a light on the interesting, absurd, and alarming areas that do not receive as much attention as, say, major ransomware attacks. HCA stories detailing widely known incidents like WannaCry and cybercrime players such as the dark web, meanwhile, took unique looks at common problems.
By the year’s end, we compiled a worthy cybersecurity portfolio. Although it was difficult to choose the best reads, our editors whittled down the list to the top 6. Here they are.
The Bots That Want to Drain Your Budget. The website was called Oncology Tomorrow, and its first month yielded 100,000 unique visitors and 250,000 page views, seducing advertisers who wanted to reach a specialized, high-value audience. The only problem: All of Oncology Tomorrow’s traffic was fake. Often, bots and click farms prop up “cash-out” websites, committing fraud in the pursuit of millions of ad dollars. The issue is of particular concern to healthcare and pharma.
Declaring a Public Health Emergency Carries Privacy Concerns. When President Donald Trump asked his administration to label the opioid abuse crisis a “public health emergency,” he may well have exposed patient data to more scrutiny by law enforcement and others. The designation could raise privacy concerns, fostering access to prescription databases without a court order, according to one expert. The specifics are decided at the state level, but the consensus is that sensitive medical information could fall into the hands of people who need not abide by health privacy laws.
Combating the Dark Side of Healthcare. The dark web has become a sort of bogeyman: a carefree marketplace where everything from drugs and guns to sex and credit card information are sold. That list also includes patient health data, and medical records fetch a lot more on these exchanges than other personal information. Of course, the deep web is not all bad. But hospitals must be ready to navigate it.
How to Create the Unhackable Computer. What if everything can’t be hacked, busted into, or exploited? That thought goes against prevailing cybersecurity logic, but it is also driving a cutting-edge initiative that could forever change how healthcare thinks of its digital defenses. “What’s incredibly exciting about the project is that it will fix tomorrow’s vulnerabilities,” the project lead said. “I’ve never known any security system that could be future-proof.”
mHealth Security Flaws Pose Risks to Users. Mobile health apps are becoming more and more popular. As such, they are gathering more and more data—the sensitive kind of data that most users would not want to get out. Unfortunately, these programs are sometimes strapped with weaknesses, which place unsuspecting consumers at risk. How bad is it? Nearly half of the top 53 apps in 3 countries had “pressing vulnerabilities.”
For Hospitals, the Ransomware Threat is Here to Stay. Yes, data breaches are becoming more common. Yes, they are becoming more blatant. And yes, they are becoming a bigger concern for healthcare. WannaCry spelled that out clearly, and more attacks like it are set to continue the trend. Here are the nightmares that keep the experts up at night—and how healthcare organizations can keep them at bay.