The Doctor is Hacked: Is the Healthcare Industry Doing Enough to Protect Your Medical Data

Media Division | April 12, 2017

While cyber attackers can attack virtually any type of organization for illicit gains, there tend to be certain sectors or types of organizations that they target much more frequently, often due to them being much more high-value targets.  One of the most frequent types of organizations that cyber attackers target are healthcare organizations and the industry overall.  The reality is that the healthcare industry can hold a wide range of sensitive personal information of individuals.  Everything from names to social security numbers could potentially be a part of the information at a healthcare organization.

Another unfortunate truth is that breaches of healthcare organizations happen far too often then they should.  It seems like every single week there has been another breach or maybe even several.  Medical documents and personal information continue to be exfiltrated from healthcare organizations by cyber attackers and this raises an extremely important question: Is the healthcare industry doing enough to protect our medical data?

The State of Healthcare Industry Cyber Security

Unfortunately, the answer to this question is not pleasant.  While most organizations do of course have basic layers of security, they are often exploited through vulnerabilities that could have been easily covered had they established proper comprehensive protection.  For instance, there have been cases of databases being accessed purely because they were left in an unprotected state.  As another example, there was a clinic recently breached because they had not properly vetted the security of a third party vendor that they worked with, which allowed medical records to be released.  And in yet another instance, there was a case where healthcare data was left vulnerable through a hole in the security of FTP servers, where they could be accessed through extremely basic usernames without even needing a password.  There are incidents like this that occur all over the nation, which is why the overall security being employed in the healthcare industry has become such a major concern.

Cyber Hacks of Medical Devices

The cyber security of healthcare organizations is of great concern when it comes to the protection of medical records and other critical patient data, but there is also the potential that it could actually be damaging to a person’s health or medical care.  As the technology of medical devices has continued to improve, there are more of them being connected to cyberspace for various reasons.  But as with any newly connected cyber technology, this brings the concern of potential hacking, and when it comes to devices like pacemakers or life support machines, hacks could mean the difference between life and death.  In fact, there have been vulnerabilities discovered in medical devices already.  While it does not appear there have been any instances of attacks on them, it could be of concern, later on, being that there have been countless devices that were thought could never be hacked and then were not much later.

Protecting an Organization from Security Breaches

Cyber security is a necessity in virtually every organization these days, but there are some where it is almost more critical that they have even more comprehensive security, like healthcare organizations.  Being that essentially everyone on the planet attends healthcare facilities, it is quite important that their data is protected.  Preventing security breaches has become an extreme focus for any organization, and even more so for those that are frequent targets for cyber attackers.  Cyber security in our modern age of connected devices and systems has evolved to much more than a simple antivirus.  Massive Alliance offers a wide array of cyber security services that can help organizations to prevent and mitigate security breaches.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.