Issue link: https://beckershealthcare.uberflip.com/i/576097
HEALTH IT 124 Why Healthcare Cyberattacks Are Getting Worse By Akanksha Jayanthi T he data breach isn't new. Even the cyberattack has been a business risk since the late 1980s when the Internet was first widely used. For years, cyber criminals have been aer hidden information not intended for them, both within and outside of healthcare. But in recent years it appears as though these attacks have intensified in two ways: ey are more frequent and they are more severe. Some of the large-scale attacks began in the mid-2000s. In 2007, retailer TJX, parent company of TJ Maxx and Marshall's, reported a cyberattack in which hackers stole debit and credit card information of approximately 45.7 million customers start- ing from January 2003 to November 2007. Fast forward six years, and the healthcare industry suffered a cyberattack affecting nearly double the number of individuals in the TJX attack when Indianapolis-based Anthem reported the protected health information of 78.8 million had been breached. e past couple of years have seen some pretty outstanding cyberattacks. In addition to the hack on Anthem, Mountlake Ter- race, Wash.-based Prem- era Blue Cross reported a breach in March affecting 11 million patients, Los Angeles-based UCLA Health reported a breach in July also affecting 4.5 million individuals and Franklin, Tenn.-based Community Health Sys- tems reported a breach in August 2014 affecting 4.5 million. All these breaches stemmed from cyber criminals hacking network servers. Matt Comyns, glob- al head of the cyberse- curity practice at execu- tive search firm Russell Reynolds Associates, says the market is getting worse with each passing year. He says there are three main reasons why cyberattacks are occurring more frequently and causing more damage. First, Mr. Comyns says cyberattacks are relatively inexpen- sive to carry out, especially the ones orchestrated by nation-states with bountiful capital. Federal investigators looking into the cy- berattacks on the U.S. Office of Personnel Management report- ed in late May and early June that affected approximately 21.5 million Americans believe the attack originated in China. Some cybersecurity experts suggest the hacking techniques used in the OPM breach are similar to those used in the Anthem and Prem- era breaches, leading experts to believe they come from the same source. Secondly, cyberattacks are relatively anonymous. Hackers use pseudonyms and code names and are veiled by the sheath of anonymity inherently provided by the Internet. Finally, if the perpetrators are identifiable, more oen than not they are operating in uncooperative foreign governments, which Mr. Comyns says is a growing concern. "e last piece, which is increasingly becoming a problem, is [cyberattacks are] pretty well organized," Mr. Comyns adds. "You have pretty so- phisticated cybercriminals at this point that are now collaborat- ing." And, in healthcare specifically, hackers have more of an in- centive to infiltrate networks, as the value of information is much higher than data sources like credit and debit card information. Not only does sensitive health information open the door for medical identity the and insurance fraud, but even physical medical devices may be a threat to patient safety. In late July, the U.S. Food and Drug Administration issued a report warning healthcare facilities that hospital infusion pumps could be vulnerable to cyberattacks. Hackers can access the pumps remotely through the hospital's network. If they access the "It seemed to me to be a bad idea for the vice president to have a device that maybe somebody on a rope line or in the next hotel room... or downstairs might be able to hack into." -Jonathan Reiner, MD, Vice President Cheney's cardiologist