Health Care Faces ‘Alarming’ Cybersecurity Threat, Report Says
February 20, 2014 in News
Details of Study
The report was sponsored by cybersecurity firm Norse (SANS Institute report, February 2014).
Researchers examined security breaches that took place between September 2012 and October 2013 at health care institutions, including:
- Hospitals and physician offices;
- Pharmaceutical companies; and
- Health plan managers (O’Brien, “Tech Now,” Los Angeles Times, 2/18).
The researchers in their sample found 49,917 malicious events and 723 malicious source IP addresses at 375 U.S. health-related institutions.
According to the report, the devices most likely to be affected by cyberattacks include:
- Call contact software;
- Digital video systems;
- Edge devices like firewalls and routers;
- Radiology imaging software; and
- Video conferencing systems (Ouellette, Health IT Security, 2/19).
The report noted that the findings had several “alarming” implications. For example, it states that large number of IPs detected in the study sample indicate that there likely are millions of compromised health care organizations, applications, devices and systems.
In addition, the findings suggest that current security practices are out of date and that even HIPAA-compliant organizations may not be secure (FierceHealthIT, 2/19).
Norse CEO Sam Glines said, “What’s concerning to us is the sheer lack of basic blocking and tackling within these organizations,” adding, “A decent percentage of these firms could have been eliminated from the data set if basic network and security protocol had been followed.”
Glines also said he expected to see an “uptick of breaches related to health care” in the coming years, concluding, “More vigilance is required” (“Tech Now,” Los Angeles Times, 2/18).