Cyber health check04 August 2017
Vast quantities of health data are generated in Australia every day and studies have shown that the collection and measurement of such data is an important step to improving health care. "Big data" informs the way health care delivery and efficiency is improved so that we can live longer, healthier lives. Inevitably, this is leading to an increased dependency on technology in the industry, exposing it to cyber threats and attacks.
In 2016, approximately 20% of all cyber incidents and breaches were directed at the health care industry. Health care fraud has become a "high volume, low value crime", with small acts adding up to billions of dollars in costs to the health care system each year. The financial impact to Australia is estimated at up to 10% of national health care expenditure, which means we are likely to see an increase in health insurance premiums and the overall cost of health care.
In England this year, 40 hospital trusts in the National Health Service (NHS) were attacked by hackers using ransomware, with the hackers demanding payment for hospitals to regain access to vital medical records. Operations and appointments were cancelled, and patients were diverted from accident/emergency departments. Warnings for breaches were in place but not acted upon. Cyber experts said the health care service was susceptible because the trusts involved were using obsolete systems and failing to apply recent security updates, which would have protected them.
Interestingly, not all cyber threats are external. Earlier this year, Verizon's Data Breach Investigations Report stated insider misuse is becoming a major issue for the health care industry, noting it is the only industry where employees are the predominant threat actors in a cyber breach. The Report summarised the health care industry as:
"having the unenviable task of balancing protection of large amounts of personal and medical data with the need for quick access to practitioners. Internal actors are well represented with employees accessing patient data out of curiosity or to commit identity fraud."
An increase in patients, pressure on the health care system and costs means the sector is looking to employ technology in their operations more so than ever, using electronic health records, cloud computing and new diagnostic technologies. To reap the benefits of big data, cyber security in the industry has to develop at the same pace as technological change and adaption—and it still has a lot of catching up to do.