The rise of the use of EHRs is expected to reduce healthcare costs and increase efficiency in processes. Resultantly, the HITECH Act was enacted to increase the number of healthcare organization adoption health information technology. However, 94% of healthcare organizations have experience some sort of cyber-attack with 150 million patient health records being breached between 2009 and 2014. Unfortunately, the average cost of data loss is greater for healthcare organizations compared to organizations of other sectors. Furthermore, there are various devices such as cardiac devices that can be exploited by cybercriminals to harm patients.
The various types of cyberattacks that have been performed on healthcare are listed below. Denial of services attacks flood networks with traffic to disrupt service and prevent access to resources. These attacks can shut down entire networks of healthcare organizations as seen with the Boston’s Children’s Hospital in 2014. Privilege Escalation attacks are used to achieve higher level of access to networks and programs by exploiting vulnerabilities. Such attacks are made to change patient’s information. They can be vertical or horizontal and even be multi layered. Man in the middle/eavesdropping is a reconnaissance attack which intercepts communication and destroys integrity of data. Cryptographic attacks are made to reveal confidential information. Structure Query Language Injections Exploit attacks allow hackers to alter information large databases. Malicious software is designed to harm and compromise computer systems through user permission in the form of viruses, trojans, spyware and ransomware.
Author:
Soumitra Sudip Bhuyan, Umar Y Kabir, Jessica M. Escareno, Kenya Ector, Sandeep Palakodeti, David Wyant, Sajeesh Kumar, Marian Levy, Satish Kedia, Dipankar Dasgupta & Aram Dobalian
