Since the 2017 WannaCry ransomware attack on the UK’s National Health Service, healthcare organizations have been ramping up their efforts in cybersecurity.
“Very clearly this is happening,” said Mark Wehde, Chair, Mayo Clinic Engineering; Fellow, Mayo Clinic Academy of Educational Excellence; and Assistant Professor of Biomedical Engineering, Mayo Clinic College of Medicine and Science. “Major institutions like Mayo and Cleveland Clinic have already taken significant steps to address cyber security. Regional and smaller healthcare organizations are doing so or need to do so as well.”
Two areas of healthcare are especially vulnerable to cyberthreats. One is in all the connected devices present in hospitals. The average hospital room can contain 15 to 20 connected medical devices, such as patient monitors, ventilators, and IV pumps. If these devices are attacked, patient care can be disrupted, which can have disastrous results.
The second vulnerability is valuable patient data. Electronic health records (EHR), if accessed by cyber criminals, can be used for identity or insurance fraud. EHRs can also be altered. There has also been mounting concern over the use of artificial intelligence to attack 3D medical scans. Research published in 2019 showed how an attacker can use deep-learning to add or remove evidence of medical conditions from these scans. The researchers focused on injecting and removing lung cancer from CT scans and showed how three expert radiologists and a state-of-the-art deep learning AI are highly susceptible to the attack.
Based on findings of its 2020 cybersecurity survey, the Healthcare Information and Management Systems Society concluded that significant security incidents affecting both systems and devices can impact patient safety. “In light of this, the healthcare industry must develop solutions for identifying and detecting significant security incidents to better protect patients,” the study stated. “Medical devices should be conceived, designed, engineered, tested, and implemented with cybersecurity in mind.”
Fortunately, it seems that healthcare facilities are responding to this threat. Cybersecurity Ventures predicts the global healthcare cybersecurity market will grow by 15 percent year-over-year over the next five years and reach $125 billion cumulatively over a five-year period from 2020 to 2025.