Are your electronic medical records safe from healthcare cyber attack?
Researchers at Microsoft are warning that several encrypted databases of medical records are vulnerable to attacks and information loss. With the increased use of cloud computing, data breaches on encrypted databases has increased, so healthcare industry cybersecurity is more important than ever. They identify the threats in multiple ways, but one is individual and aggregate. Individual attacks are designed to gather information about a specific person where aggregate attacks are meant to recover statistical information about the entire database. These can both be very malicious.
It is still common practice to use encryption to protect against cyberattacks, and it is still one of the best defenses, however, using encryption only, is not the best solution for healthcare cyber attack prevention. Encrypted information is unscrambled in a computer’s memory, so if a cyber terrorist is able to access that, it is dangerous. In order to be useful, encryption needs to be continual to prevent progressive decoding to occur.
Heathcare cyber attacks, like the ones most notably against Anthem and UCLA Health System, are on the rise. The healthcare industry has become a target due to their lack of security. It also isn’t just medical records, attacks against the accounting databases, which store significant information, are also at risk. To date, over 90 million patients have been affected by data breaches from such attacks on healthcare industry cybersecurity.
The largest concern with these attacks is the resulting identity theft. Due to privacy laws such as HIPAA, it is extremely difficult to remove misinformation on medical records, including something as simple as a blood type, and this could result in the wrong blood transfusion in an emergency medical information.