by John R. Fischer
, Senior Reporter | December 11, 2017
Revenue incurred from ransomware attacks has risen in the last year from $24 million to $1 billion.
The change reflects the growing acceleration of such attacks over the last 18 months, with an increase of over 2000 percent in the ransomware sales market from $250,000 to $6.4 million in one year.
“This just tells you that this is a maturing marketplace,” James Whitfill, chief medical officer at Innovation Care Partners, said in a presentation, Cybersecurity for Imaging Departments and Imagers
, at the 2017 Radiological Society of North America (RSNA) annual conference. “There’s so much money and so much sophistication here that just like our PACS systems, which have become best of breed components with VNA versus worklist versus viewer, the ransomware world is going in the exact same direction.”
Cyberattacks in general can pose harm in health care in many ways, from fraud and exploitation to threats against patient lives.
Here is an overview of some of the most common situations that can arise from cyber attacks in health care today:
Fraud and Theft
An electronic medical record (EMR) contains almost everything about a patient, from their demographic to their billing information, making it a coveted treasure among hackers.
With information acquired from here, anyone can potentially steal identities, open up charge accounts to ring up debt or start false claims.
This is known as direct economics, and though still prevalent, it is now beginning to be overshadowed by indirect economics.
Indirect economics involves the theft of information from sources such as an EMR with the hacker providing the information to another group or individual in exchange for money or resources.
This creates difficulty in stopping the spread and abuse of patient and provider information and determining the full extent of risks. A popular place for the selling of information is the dark web.
“There is an open market for information,” Whitfill said. “The smartest people in the security world are looking on the dark market for their information. They’re not assuming that their defenses are strong. They’re trying to find where their information has leaked out.”
Whether the information is used by the hacker or someone who bought it, extortion is always a possibility, with many providers often being forced to pay ransoms in exchange for preventing disclosure of sensitive information.
Threats to patients
Hackers can easily access and manipulate the inner workings of various medical devices. Infusion pumps are one example, with hackers able to take control and dispense medicine, potentially administering an overdose that could seriously harm or kill patients.