The ACA and HITECH have worked as legislation to encourage healthcare providers to become more network integrated. While this integration has led to many benefits, it has also made many systems more vulnerable to cybercrime as healthcare information often contains personal and financial information. To combat these breaches, the HIPAA began to implement certain physical safeguards such as workstations use and technical safeguards such as encryption.
Ransomware has been a recent problem in California hospitals. Ransomware is essentially the process of breaching networks and encrypting files to restrict access and then creating a fee while holding these files on ransom. These attacks are costly not only because of the ransom fee but also due to the amount of time that is lost when the files are locked.
An analysis of various threats in recent years have shown that there are two primary drivers that result in the increased exposure of healthcare organizations to cyber threats. The first driver is the ever-changing technological landscape as new technology is implemented faster than security systems can be created or updated to protect them. Medical devices themselves have even become network integrated. This leads to concerns of possible attacks on pacemakers or ICU respirators. The second driver is a shift in US policy in promoting the increased use of technology in healthcare institutions. These policies push for more network integration.
Author:
Clemens Scott Kruse, Benjamin Frederick, Taylor Jacobson and D. Kyle Monticone
