According to a fresh report from cybersecurity experts, hospitals are hackers' new favourite playground. That's unsettling news for anyone who's ever visited a hospital (read: everyone) but it also offers a curious window into how we guard our most important data. Put bluntly, we do a pretty piss poor job of it.
The security research firm Websense says that cyberattacks on hospitals have increased 600 per cent in the last 10 months. Undoubtedly, much of that increase can be accounted for by the previously reported attack on Community Health Systems, which affected some 4.5 million patients in 206 hospitals across 29 states. Websense and other security research firms say that the now infamous Heartbleed vulnerability is to blame for many of the breaches, though patches have since been put into place. Those firms also say that hundreds of thousands of patients remain vulnerable.
Why is this happening? Well there are a couple of reasons, both of them scary. The latest research suggests that hackers are turning to hospitals because they're just so dang easy to hack. The healthcare industry spends very little on cybersecurity, says John Halamka, chief information officer and dean of technology for Harvard Medical School. He (rhetorically) asked the MIT Technology Review, "Where do you think you're going to find the vulnerabilities?"
The other big reason hackers like hospitals is because the data is so valuable. The bounty of personal information contained in medical records goes for a pretty penny on the black market, and can also be used to socially engineer other attacks onto those patients.
Then there's the proprietary information about the hospitals themselves that the attackers can glean. Re/Code reported on the earlier attack, supposedly mounted by the Chinese Army:
On average, the hackers would spend nearly a year perusing a targeted company's systems looking for sensitive information to steal: Product development plans, manufacturing techniques, business plans and the email messages of senior executives. The point is to help Chinese companies be more competitive.
So some hackers are after your physical traits, while other hackers are spying on how we run our healthcare industry. Super duper.
What can we do about it? Choose your healthcare provider very carefully. Find out how electronic medical records are being secured, and if you're feeling really frisky, you can pressure your MP to introduce legislation that would regulate cybersecurity in the healthcare industry more closely. Maybe just cross your fingers too. Just for good luck. [Tech Review]