Hospital Cyberattack Highlights Health Care Vulnerabilities

A cyberattack that paralyzed the hospital chain MedStar this week is serving as a fresh reminder of vulnerabilities that exist in systems that protect sensitive patient information.

That attack came a month after a Los Angeles hospital paid hackers $17,000 to regain control of its computer system and more than a year after intruders broke into a database containing the records of nearly 80 million people maintained by the health insurer Anthem.

In Anthem's case, only a single password stood between hackers with a stolen employee ID and a chance to plunder the Blue Cross-Blue Shield carrier's database, according to a federal lawsuit filed by customers over the breach.

Cyber criminals also have staged high-profile attacks in recent years against the federal government, retail chains and the adultery website Ashley Madison, among many other targets. But security experts say health care companies make especially inviting targets for a number of reasons.

The information they protect is more valuable on the black market than a credit card number stored by a retailer. Health care cybersecurity also can lag behind measures taken in other sectors like banking.

This can stem in part from a business emphasis on tight budgets and convenience over security. Health care companies also have to deal with an additional headache: Multiple entry points into a system, with security quality varying among clinics, labs, hospitals that may have access.

Cybersecurity experts note that government guidelines for health care data protection also are light on details and standards. The federal law known as HIPPA tells health care companies when they can disclose a person's records and to whom. It also requires them to protect the information.

But it doesn't come with a lot of specific mandates for that protection, said Lee Kim, director of privacy and security for the nonprofit Healthcare Information and Management Systems Society.

Intruders cracked...

Comments are closed.